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IBM LICENSE HARD 
TO ADOPT: USERS 


Workload-based model | 


cumbersome, they say 


BY JAIKUMAR VIJAYAN 

Eighteen months after IBM in- 
troduced a new licensing mod- 
el aimed at reducing main- 
frame software costs, 
users and analysts say moving 
to it may be more of a chal- 
lenge and less beneficial! in the 
short term than some might 
have previously anticipated. 


some 


With Workload License 
Charges, users can: 

PAY for software based on workload ca- 
pacity requirements, which may not neces- 


and not have software charges increase for 
existing workloads 

BUY reserve hardware capacity for future 
growth with no increase in software prices 
MANAGE sudden spikes in workload with- 
out having to pay extra software fees 


capacity planning and asset 


management 


beforehand _ if 


USERS CAUGHT IN 
MIDDLE OF VAN SPAT 


Customers seek work- arounds after rival 
value- added networks drop online links | 


BY MICHAEL MEEHAN 


| A nasty 
| tween rival e-commerce 


| Corporate 


they want to see any benefits, | 
| long-term status of 


they said. 


value- 
added networks has 
users 
crying foul and 
worrying about the 


spitting match be- | 


| . . oc . 
| Commerce Corp., effective to- 


day. Sterling’s move 
follows 
in September by 
market leader GE 
Global Exchange 


a decision | 


| transactions 


ness reasons,” 


via electronic 
interchange transmis- 
sions with suppliers and cus- 


data 


| tomers that subscribe to other 
| VANs. ICC said its network has 
| minate its VAN interconnect | 
with New York-based Internet | 
| ersburg, Md.-based GXS_ has 


more than 1,000 users. 
Neither Sterling nor Gaith- 


said why it cut off ICC. GXS 
said only that it acted for “busi- 
while Sterling 


declined to comment. 


For now, ICC customers can 


Services Inc. to disconnect its 
| VAN from the one run by ICC. 
Users need 
between different e-commerce 


get around the disconnects by 

| having their EDI traffic routed 

to Sterling and GXS_ users 

| through intermediary links. 

networks to process business | Charlie Townsend, chief tech- 

| nology officer at New York- 

| based Randa Corp., said the 

men’s neckwear maker will be 

able to send data to business 

| partners on Sterling’s network 

via IBM’s VAN at no extra cost, 
with ICC picking up the tab. 

VAN Spat, page 16 


‘VOP HOT, BUT 
USERS SWEAT 


their online links to supply 
chain partners. 

Dublin, Ohio-based Sterling | 
Commerce Inc. last week con- | 
firmed that it plans to ter- | 


“Making the decision to | 
move to WLC is not a trivial 
task, but one that requires | 
an understanding of workload | 

IBM License, page 61 


That’s because companies 
that hope to lower mainframe 
costs by moving to IBM’s 
Workload License Charges | 
need to do extensive software | 


interconnects 





evarting 
The Threa 


| Cyberterrorism may not be an immediate 

| threat to U.S. businesses, but the govern- 
=| mentrecently decreed that critical sectors 
| 
| 


| Voice over IP projects 
take ‘toll on resources 


| BY MICHAEL MEEHAN 
| Voice over IP is one of the 
hottest technologies around, 
but users caution that anyone 
attempting a VOIP project 
needs a lot of bandwidth and 
an equal amount of patience. 
IT managers involved in 
| VOIP efforts said they face a 
| daunting task: making sure 
| that voice packets, which must 
| be given priority on networks 
| for reasons of sound quality, 
don’t gum up their data feeds. 
“You've got to beef up the 
VOIP, page 16 


such as banking, communications and 
the water supply should be on high alert. 
In exclusive interviews, former CIA and 
NSA security experts offer advice on 
steps the public and private sectors 
should take to prevent cyberattacks. 
Story begins on page 30. | 


Flee PbesecselMDescedLacdLocodedestecdsstold laced 
SBXBBIFT# #eERKAUTORRS-DIGIT 48106 
#48106P0Q984PB806% NOU 02 881 3831 
PROQUEST 

PO BOX 984 

ANN ARBOR MI 48106-8984 


NEWSPAPER 


69-2 





wT ttt ee cs Ce, 


EGET easy ae Py nate 


without leavin here. 


‘ 


A 


x 


Microsoft and NetiQ make it easier to manage your entire Windows your entire Windows Server environment from one very convenient place: your 
Server environment. You've got servers running Windows® 2000 here, desk. It starts with Microsoft® Operations Manager 2000, the most effective 
servers running Windows NT® in the next building, and a mix of platforms way to manage all your Windows 2000-based servers and applications, from 
running in your plants overseas. Managing a global-class enterprise sure proactive alerting to performance monitoring to event collection and reporting. 
means a lot of running. By adding NetIQ Extended Management Pack modules, you can also 


Which is why Microsoft and NetlQ teamed up to deliver a way to manage monitor Windows NT 4.0 as well as other Microsoft servers; mission-critical 
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applications like Oracle RDBMS and Lotus Domino; and large-scale enterprise 
platforms like UNIX and NetWare. All from one centralized console 

Which means that you spend a lot less time running around your 
enterprise, and a lot more time simply and effectively managing it. Get a 
head start on reducing your management burden with a visit to netiq.com 


/manageability today. Software for the Agile Business. 






SOMEDAY. 


TOMORROW. 
EVENTUALLY. 


THREE OF THE WORST TIMES TO START PLANNING 
YOUR BUSINESS CONTINUANCE. 


Business Continuity Solutions 


Nothing gives you more peace of mind than knowing your 
business is already prepared to handle anything. To find out how 
ready you are for the future, take our Vulnerability Assessment 


Test today. It’s the quickest way to put your mind at ease. Computer Associates™ 
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ESECURITY SENTINELS 


Denning, Raemarie Schmidt and 
Martha Stansell-Gamm (left) — 
have weathered political battles 
“3 ‘ and conquered other problems to 
e ¢ : 25 help shape IT security policies 
Pt COMMON SENSE IN A DATABASE i used throughout the private and 
a public sectors. PAGE 34 
Sem Artificial intelligence pioneer Doug Lenat (left) 
> has been working for 17 years to codify every- 
thing a human knows. Now the public can add to 
the database. PAGE 49 
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NEWS 6 


6 With so few early adopters of 
-Net, users at Microsoft’s TechEd 
event this week say they still need 
to be convinced of its usefulness. 


7 Palm takes the stand in the 
Microsoft antitrust case to say that 
handheld users need interoperabil- 
ity with Windows, too. 


8 Denial-of-service attacks 

are an even more serious threat 
now than two years ago, when 
they brought down several high- 
profile Web sites, including Yahoo 
and eBay. 


10 Oracle extends its hosting pro- 
gram beyond applications to data- 
bases and application servers. 

12 Storage Networking World 
provides a forum for storage ad- 
ministrators who say they badly 
need better management tools. 


: k For breaking news, updated 
1C twice daily, visit our Web site: 
I me www.computerworld.com/ 
q?q4000 


BUSINESS = 27 


27 Bart Perkins, in his first Com- 
puterworld column, tells IT leaders 
why managing their supplier rela- 
tionships makes good business 
sense. 


36 Microsoft Certified systems 
Engineers with Windows NT 4.0 
credentials are re-evaluating their 
training and career options in 
light of recent certification re- 
quirement changes imposed by 
Microsoft. 


38 Enterprise portals might be 
useful in helping companies estab- 
lish links with their employees, 
customers and business partners, 
but few companies have taken 
steps to measure the affect portals 
have on the bottom line. 


42 Workstyles: Steve Jarvis, vice 
president of e-commerce at Alaska 
Airlines, talks about the IT culture 
that has emerged in his company to 
meet competitive challenges in the 
airline industry. 


TECHNOLOGY 45 


45 Columnist Nicholas Petreley 
reviews the history of the Object 
File Store as an idea and looks to 
the arrival of the database. 


46 Radio-frequency tagging 
can cut costs by automating data 
acquisition in the supply chain. 


48 A big trucking company 
makes its enterprise database man- 
agement system directly available 
to Internet users. 


50 Emerging Technologies: 

64-bit computing will power a new 
generation of applications running 
on .Net Server and Intel’s Itanium. 


52 QuickStudy: A peer-to-peer 
network connects two or more PCs 
to share files and access to devices 
without a separate server. 


54 Security Manager’s Journal: 
Did someone steal critical source 
code? Mathias Thurman gathers 
evidence of a possible crime. But 
finding the culprit may not be easy. 


Maryfran Johnson offers 
three lessons for corporate IT in 
dealing with the Web as it matures 
from adolescence into adulthood. 


+t Pimm Fox warns about the 
increasing number of security 
holes being opened by the prolifer- 
ation of wireless networks. 


David Moschella is looking for 
good news in the IT industry amid 
the spate of recent bad news in- 
volving key vendors. 


Frank Hayes says the latest 
flap over the discovery of two new 
holes in Office XP only adds to Mi- 
crosoft’s image as a laughingstock 
when it comes to security. He 
thinks the company needs code- 
busters and a SWAT team to find 
and patch holes quickly. 


Editorial/Letters 
How to Contact CW 
Company Index 
Shark Tank 
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EARNINGS UPDATES 


For the latest about vendor earn- 
ings announcements, visit our 
IT Industry Earnings special 
coverage page. 


www.computerworid.com/q?7a1150 


DESKTOP LINUX? 


Linux won’t cut it on end users’ 
desktops unless it can run “must- 
have” Windows applications. 
Computerworld community 
member Charles A. Bushong 
weighs the Windows emulation 
options — and picks a winner. 
www.computerworld.com/q?a1780 


MICROSOFT IN COURT 


With testimony in the antitrust 
case’s remedy hearing now 
entering its fourth week, be sure 
to check for the latest updates 
from court on our Microsoft 
Legal Issues page. 
www.computerworld.com/mslegal 


HP/COMPAQ FIGHT 
CONTINUES 


Walter Hewlett is still fighting the 
planned merger in court, even as 
Hewlett-Packard and Compag re- 
veal their management plans for 
the newly created company. Get 
the latest on the HP/Compag deal. 
www.computerworld.com/q?a1650 








AT DEADLINE 


EDS Reorganizes 
Key Business Units 


Electronic Data Systems Corp. an- 
nounced plans to combine its IT and 
business-process outsourcing oper- 
ations into a single unit, effective 
April 15. The Plano, Texas-based 
company will also create a second 
new unit that combines its applica- 
tion services and IT implementation 
consulting businesses. No layoffs 
are planned as part of the moves, 
an EDS spokesman said. 


SEC Begins Formal 


Qwest Investigation 


Denver-based Qwest Communica- 
tions International Inc. said the Se- 
curities and Exchange Commission 
(SEC) has launched a formal inves- 
tigation into its accounting prac- 
tices. The SEC, which began an in- 
formal inquiry last month, is looking 
into issues related to Qwest'’s finan- 
cial results for 2000 and 2001. The 
company said it’s cooperating fully. 


Microsoft Warns of 
Holes in Win 2k, NT 


Microsoft Corp. issued software 
patches designed to fix two newly 
discovered security holes: one that 
affects Windows NT and Windows 
2000, and another that affects 
Windows 2000 only. The company 
gave a “moderate” severity rating 
to each vulnerability. The more seri- 
ous of the two could let attackers 
elevate user privileges or run mali- 
cious code on unprotected systems, 
Microsoft said. 


Short Takes 


Chicago-based DIVINE INC. an- 
nounced a deal to acquire VIANT 
CORP., a Boston-based Internet 
consulting firm that lost $72 million 
on revenue of $34.6 million last 
year. . . . Portsmouth, N.H.-based 
ENTERASYS NETWORKS INC. 
warned of losses and said that its 
CEO, chief operating officer and 
head of marketing are resigning. 
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Microsoft Seeks to 


Show .Net Is Real 


But many users are just beginning to 


BY CAROL SLIWA 
MICROSOFT CORP. 


executive will try | 


to show IT pro- 
fessionals “how 
-_Net and XML 


Web services are real today” | 


during this week’s TechEd 
conference in New Orleans, a 
company spokesman said. 


Microsoft plans to showcase 


corporations and vendor part- 
ners that are using its new .Net 
development environment to 
build real-world applications 


and XML-based Web services, | 
according to John Montgomery, | 
a group product manager for | 


the .Net platform. 


But .Net, which shipped in | 
February, has hardly become | 


pervasive in corporate produc- 


tion environments yet. Most | 
enterprise users are just start- | 


ing to explore .Net and Web 


services technologies, said sev- | 


eral analysts, early adopters 
and even Microsoft vendor 
partners last week. 


Gradual Adoption 


Mark Driver, an analyst at 


Stamford, Conn.-based Gartner 


Inc., said he expects .Net adop- | 


tion to be gradual over the next 
five years. 


“Most adoption is really go- | 
| ing to kick in next year,” he 
| said, adding that 


users “have very little choice.” 


But Driver said he routinely | 


advises his clients to avoid de- 


| ploying mission-critical appli- 
| cations that rely on .Net for at | 
| least six to nine months. 
Jon Stotts, a spokesman for | 
Microsoft partner iWay Soft- | 


ra 


One user finds that 
being ahead of the 
Net curve can be 
rough 


www.computerworld.com/q?28716 


| Visit Computerworld’s Applications/ 


Web Development knowledge center 


Microsoft | 


| 
| 
| 
| 





ware, a wholly owned sub- | 


sidiary of Information Builders 


Inc. in New York that makes | 


components to help integrate 
business applications, said his 


firm’s enterprise customers are | 
also showing great interest in | 


.Net and Web services. But 


none of the interested compa- | 
nies is beyond the proof-of- | 

| instance, has noted a 20% to 
very | 


concept stage. 

“Our customers are 
conservative, so it will prob- 
ably be a long time before 
the majority of our customers 


are implementing these solu- | 


tions,” Stotts predicted, noting 


that his firm’s clients include | 
many Fortune 100 companies. | 
He added that users “are still | 


| trying to figure out exactly 
how they’re going to improve 
| their business processes” by 


explore the new development environment | 


using .Net. 

But Driver said some firms 
may see advantages to using 
.Net today, particularly if they 
write Web applications, be- 
cause Microsoft’s ASP.Net is 
“heads and tails more power- 
ful” than its Active Server 
Pages predecessors. 

The life insurance division 
of Newport Beach, Calif.-based 
Pacific Life Insurance Co., for 


30% performance improve- 
ment in Web page delivery 
since switching to ASP.Net, ac- 
cording to Cameron Cosgrove, 
the division’s CIO. 

Cosgrove said that about six 
of his developers adopted Mi- 
crosoft’s beta tool last year and 
converted the division’s Web 
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Ts motes ane 
Showcase products, appli- 
cations and Web services built 

- on.Net. 


Launch new and beta ver- 
sions of .Net Enterprise Servers. 


Debut its first commercially 
available Web service for con- 
sumers. 


Instruct customers on Web 
services application architecture. 


Provide a road map of future 
enterprise direction. 


a 


site to ASP.Net. They also built 
two Web services to transfer 
information between the com- 
pany’s front end and database 
using XML-based messages 
sent via the Simple Object Ac- 
cess Protocol. 

Cosgrove said he’s been im- 
pressed with the .Net tool's 
ability to help developers more 
quickly build cleaner code 
that’s easier to deploy. D 


Belluzzo to Leave Microsoft Amid Reorganization 


Rick Belluzzo, Microsoft's president and chief operating 
officer and a force behind the growth of its Xbox and 
MSN efforts, is leaving the company, the software ven- 


dor announced last week. 


Belluzzo, 48, will step down as president and COO 
on May 1 and leave the company in September. The 
move comes as part of a broader reorgani- 
zation intended to give greater autonomy to 
the executives in charge of Microsoft's vari- 
ous product groups, the company said. 

Although Microsoft gave no specific rea- 
son for the departure, Belluzzo appears to 
have been the victim of an internal turf war, 
said Rob Enderle, an analyst at Giga Infor- 
mation Group Inc. in Cambridge, Mass. 

With the economy on the slide, Belluzzo 
was charged with making cutbacks at vari- 
ous business units, Enderle said. His posi- 
tion, which had been closer to that of presi- 
dent than COO, became more like that of a “glorified 
administrator . . . and that wasn't acceptable to him,” 
Enderle said, adding that at one time, Belluzzo was con- 
sidered a potential successor to CEO Steve Ballmer. 

“Given where Steve and | knew we needed to take 
the business, | decided it was the right time to pursue 
my goal of leading my own company,” Belluzzo said in 
the statement announcing his plans. 

Another analyst said Belluzzo's departure will be no 


great loss. 


“| don't think it's a particularly significant blow to Mi- 


Inc.. “It's hard to put your finger on anything he’s done 
that was particularly spectacular.” 
Belluzzo may have helped revive Microsoft's MSN 


online service, but the unit is “still not what you'd call 


tremendously successful,” Smith said. Belluzzo also 

doesn’t appear to be closely involved with the develop- 
ment of .Net, a key project for Microsoft that 
involves retooling its products to allow for 
the delivery of software and services over 


the Internet. 


“There's a definite culture clash between 
Rick and the company,” Smith said. “He's 
very soft-spoken. | don’t think that gets you 
very far at Microsoft.” 


As part of the reorganization, Microsoft 


DEPARTING Micro- 
soft COO Beliuzzo 


will be divided into seven business units: 
Windows Client, Knowledge Worker, Server 
and Tools, Business Solutions, CE/Mobility, 
MSN, and Home and Entertainment. The 
leaders of each unit will have “comprehensive opera- 
tional and financial responsibility and greater account- 
ability,” Microsoft said. 

Belluzzo, a former CEO at Mountain View, Calif.- 
based Silicon Graphics Inc., joined Microsoft in Sep- 
tember 1999 as vice president of its consumer group. 
As president and COO, he has overseen Microsoft's 


worldwide sales and marketing; directed its human 


resources, finance and licensing operations; and over- 


seen its efforts in the areas of computer games and 


crosoft,” said David Smith, a senior analyst at Gartner 


TV platform software. 
~ James Niccolai, IDG News Service 
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Palm: Handheld Integration Key for Users 


Company argues at trial for greater 
access to M icrosoft technical data 


BY PATRICK THIBODEAU 
WASHINGTON 

The battle for the enterprise 
among handheld vendors is be 
ing fought not just in the mar- 
ketplace, but also in the court- 
room of the Microsoft Corp. 
antitrust trial. 

It was there that Michael 
Mace, a senior Palm Inc. offi- 
cial, last week urged U.S. Dis- 
trict Court Judge Colleen Kol- 
lar-Kotelly to impose a remedy 
that would guarantee Palm ac- 
cess to the technical data it 
needs for interoperability with 
Microsoft products. 

Interoperability is 
Mace said. “Microsoft has al- 
ready started to use its posi- 
tion to withhold technical in- 
formation from Palm, and it 
has attempted to severely dam- 
age Palm’s ability to compete 
with Windows,” Mace alleged 
in his testimony. 

The nine states that have re- 
fused to sign the Bush adminis- 
tration settlement want a rem- 


edy that includes protections | 
substitutes, 


for potential PC 
such as handhelds. Those pro- 
focused 
competitors 


tections are on en- 
suring that 
achieve interoperability with 
Windows. 

That’s 
end 
long been used by corpora- 
tions, initially on an ad hoc ba- 
sis by executives. But more 
companies are adopting hand- 
helds as part of broader enter- 


can 


a key issue for some 


users. Handhelds 


prise strategies, say analysts. 
Vince Marbibi, applications 
manager at Austin, Texas, law 
firm McGinnis Lochridge & 
Kilgoe LLP, was an early 
adopter of handhelds, having 
rolled out Palm OS-based de- 
vices to his legal staff more 
proceedings, visit our 


ick 


www.computerworld.com/q?28717 

Read Computerworld’s ongoing coverage ( 
the Microsoft antitrust case: 
www.computerworld.com/q?st100 


For more information 
about the remedy 


| device,” 


critical, | 


have | 


| agreement, 


than a year ago. But next time, 
he says, he might go the Micro- 
soft route. 

The problem, said Marbibi, 
is out-of-the-box configuration 
with Windows desktops. “It 
would take me half the time to 
set up a [Windows] CE device 
than it would to set up a Palm 
he said. 

That’s one of the issues that 
corporate IT managers face, 
said Ken Dulaney, a San Jose- 


| based analyst at Gartner Inc. 


Handhelds go through a proc- 


| matically 
| stored on a PC 


ess of synchronization to auto- 
merge with data 
or server, such 


| as messaging and calendaring 


| synchronization tool 


information in Outlook. 
“Microsoft should make the 
available 


| for more than legal reasons,” 


| said Dulaney. “By 
| available to Palm, 


| everyone 


| like 


| es Association 


| Palm OS. 


making it 
they satisfy | 
more Outlook users. Forcing 
to use Pocket PC is 
forcing everyone to use 
the same watch.” 

Jeneane Brian, CEO and 
president of the Visiting Nurs- 
Home Health 
Ana, Calif., 
says she’s committed to the 
The association has 


Systems in Santa 


DoubleClick Settlement May 
‘Affect Corporate IT Policies 


New benchmarks 
for online privacy 


could emerge | 


PATRICK THIBODEAU 
ON 

In January 2000, DoubleClick 

Inc.’s stock was soaring, reach- 

ing about $135 per share. But 

then came the lawsuits with 


| allegations that the online ad- 
planned to | 


vertising firm 
merge information about peo- 


ple’s Web-browsing activities | 


with personal identifiers. Six 
months later, even before the 
dot-com bubble burst, Double- 
Click’s share price had tum- 
bled to the mid-$30s. 


DoubleClick put that plunge | 


behind it late last month when it 


settled the lawsuits. But other | 


firms may face similar problems 
if DoubleClick’s $1.8 


tive for more privacy lawsuits. 

The settlement may also in- 
fluence corporate information 
practices, privacy experts said 
last week. The terms of the 
which include au- 
tomatic cookie expiration after 
five years and an independent 


million | 
settlement is seen as an incen- | 


audit of DoubleClick’s privacy 
practices, are possible corpo- 
rate benchmarks. The settle- 
ment has “the potential for be 
ing a foundation on which oth- 
might 
practices,” 
Smith, an e-commerce privacy 
expert at the law firm Mayer, 
Brown & Platt in Washington. 

litigation is a rela- 
tively new area, and there have 
been few law-shaping cases or 
actions by 
Trade Commis- 


er businesses 


their said Brian 


Privacy 


enforcement 
U.S. Federal 


Why It Matters 


change | 


the | 


Forcing every- 
one to use Pocket 
PC is like forcing 
everyone to use 
the same watch. 


KEN DULANEY, ANALYST, 
GARTNER INC. 


equipped its clinicians with 
handhelds that contain patient 
data that’s entered via an Inter- 
net connection and ultimately 
stored on Microsoft SQL Serv- 


sion. But key decisions are 
emerging. In January, 
stance, the FTC settled a case 
against Indianapolis-based Eli 
Lilly and Co. over the compa- 

| ny’s inadvertent release of cus- 

| tomer e-mail addresses. The 
FTC settlement stipulated spe- 

| cific information security prac- 
tices for the drug maker. 


for in- 


Industrywide Impact 

These cases “are very influ- 
| ential, important,” said 

William Paukovitz, chief priva- 
and assistant vice 
president at Fireman’s Fund 
Insurance Co. in Novato, Calif. 
Privacy litigation tests the 
“true meaning” of the law, 
Paukovitz said, adding, “I try to 
keep my eye on what’s going 


very 


cy officer 


attention as a possible best practice. A court hearing to finalize 
the settlement is set for next month. 
EFFECT ON IT: Cookies expire after five years; an indepen- 


i| 
DoubleClick’s pending privacy settlement will get corporate 


EFFECT ON E-COMMERCE: The 


dent audit of privacy practices is required. | 
a | | 
cam- | 


DoubleClick to conduct a 


. 


er and viewed with Access. 

“I have not suffered from the 
fact that we are on Microsoft 
operating in the office and a 
Palm OS out in the field,” said 
Brian. Nonetheless, she said 
she’s concerned that the situa- 
tion change and sup- 
ports giving Palm greater ac- 


could 


cess to technical data. 
Although Windows gives IT 
managers 
CE, one user of IBM’s Lotus 
Notes said the application syn- 


a reason to move to 


chronizes to his company’s 
Palm devices without prob- 
lems. “If it didn’t work well 
with our mail or calendaring 
tool, then we would have some 
serious problems,” said Mike 
Finch, director of application 
support at City Utilities of 


Springfield in Missouri. B 


on in all of [the cases].” 

While DoubleClick’s settle- 
ment may encourage more liti- 
gation, it also illustrates the 
difficulties inherent in such a 
privacy U.S. District 
Judge Naomi Reice Buchwald 
rejected the federal 
New York against DoubleClick, 
which was also filed in several 
state courts, in part because 
U.S. wiretapping and fraud 
laws cited didn’t apply to new 


action. 


case in 


technologies, such as cookies. 

“Existing laws were not nec- 
essarily enacted to deal with 
the Internet and Internet com- 
merce,” said Carlyn Clause, a 
privacy expert at Fenwick & 
West LLP in San Francisco. 

Denise Garcia, an analyst 
at Stamford, Conn.-based Gart- 
ner attributes Double- 
Click’s stock plummet in 2000 
to its privacy problems. But 
she said she settle- 
ment, with its requirements for 
consumer choice and a public 
information campaign, as hav- 
| ing an industrywide impact. 

“Most [Web] sites will be in- 
spired or be pressured by their 
audience to tell them what 
their privacy policy is. At this 
point, users really aren’t aware 
of how they are being tracked,” 
she said. D 


www.computerworld.com/q?s1200 


Inc., 


sees the 


Read more about 
privacy issues at 
Computerworld's 
special focus page 





EDS ee 
Key Business Units 


Electronic Data Systems Corp. an- 
nounced plans to combine its IT and 
business-process outsourcing oper- 
ations into a single unit, effective 
April 15. The Plano, Texas-based 
company will also create a second 
new unit that combines its applica- 
tion services and IT implementation 
consulting businesses. No layoffs 
are planned as part of the moves, 
an EDS spokesman said. 


SEC Begins Formal 
Qwest Investigation 


Denver-based Qwest Communica- 
tions International Inc. said the Se- 
curities and Exchange Commission 
(SEC) has launched a formal inves- 
tigation into its accounting prac- 
tices. The SEC, which began an in- 
formal inquiry last month, is looking 
into issues related to Qwest's finan- 
cial results for 2000 and 2001. The 
company said it’s cooperating fully. 


Microsoft Warns of 
Holes in Win 2k, NT 


Microsoft Corp. issued software 
patches designed to fix two newly 
discovered security holes: one that 
affects Windows NT and Windows 
2000, and another that affects 
Windows 2000 only. The company 
gave a “moderate” severity rating 
to each vulnerability. The more seri- 
ous of the two could let attackers 
elevate user privileges or run mali- 
cious code on unprotected systems, 
Microsoft said. 


Short Takes 
Chicago-based DIVINE INC. an- 
nounced a deal to acquire ViAN 
RP., a Boston-based Internet 
consulting firm that lost $72 million 
on revenue of $34.6 million last 
year. . . . Portsmouth, N.H.-based 


NTERASYS NETW 


VIERA 4 ORKS IN 


warned of losses and said that its 
CEO, chief operating officer and 


head of marketing are resigning. 


NEWS 


icrosoft Seeks to 
Show .Net Is Real 


But many users are just beginning to 
explore the new development environment 


BY CAROL SLIWA 
MICROSOFT CORP. 
executive will try 
to show IT pro 
fessionals “how 
.Net and XMI 
real today” 
lecht d 


in New Orleans, a 


Web 
during 


services are 
this week's 
conference 
company spokesman said 
Microsoft plans to showcas¢ 
corporations and vendor part 
.Net 
environment to 


ners that are using its new 
development 
build real-world applications 
and XML-based Web 
according to John Montgomery, 


services, 


a group product manager for 
the .Net platform. 

But .Net, which shipped in 
February, has hardly 
pervasive in corporate produc 
tion Most 
enterprise users are just start- 
.Net and Web 


services technologies, said sev 


become 
environments yet. 
ing to explore 


eral analysts, early adopters 


and even Microsoft vendor 


partners last week 


Gradual Adoption 

Mark 
Stamford, Conn.-based Gartner 
-Net adop 
tion to be gradual over the next 


Driver, an analyst at 


Inc., said he expects 


five years. 

“Most adoption is really go 
ing to kick in next year,” he 
adding that Microsoft 
“have very little choice. 


said, 
users 

But Driver said he routinely 
advises his clients to avoid de 
ploying mission-critical appli 
-Net for at 
least six to nine months. 

Jon Stotts, 


cations that rely on 


a spokesman for 


Microsoft partner iWay Soft 


aa: 


Link 


www. computerworld. comiq?2676 
Visit Computerworld Apr Cal 


Web Development knowledge center 


www.computerworld.com/q?k1100 


ware, a wholly owned sub 
sidiary of Information Builders 
Inc. in New York that makes 
components to help integrate 
business applications, said his 
firm’s enterprise Customers are 
also showing great 


-Net and Web 
none of the 


interest in 
services. But 
interested compa 
nies is beyond the proof-of 
concept stage 

“Our 


customers are very 


conservative, so it will prob 


ably be a long time before 


the majority of our customers 
are implementing these solu 
tions,” Stotts predicted, noting 
that his firm’s clients include 
Fortune 


many 100 companies. 


He added that users “are still 


trying to figure out exactly 
how they’re going to improve 
their 
using .Net 


But Driver said some 


business processes” by 
firms 
may see advantages to using 
-Net today, particularly if they 
write Web applications, be 
Microsoft’s ASP.Net is 
and tails more 
ful” than its Active 
Pages predecessors. 
The life division 
of Newport Beach, Calif.-based 
Pacific Life 


instance, 


cause 
“heads power- 


Server 
Insurance 


Insurance Co., for 
has noted a 20% to 
30% performance 
ment in Web page delivery 
since switching to ASP.Net, ac 
cording to ¢ 


improve 


-ameron Cosgrove, 
the division’s CIO. 
Cosgrove said that about six 
of his developers adopted Mi 
crosoft’s beta tool last year and 


converted the division’s Web 
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TechEd Preview 


At this week’s event, Micro- 
soft plans to: 


s>howcase products, appli 
cations and Web services built 
on .Net 
new and beta ver 
sions of .Net Enterprise Servers 
D it its first commercially 
available Web service for con 
sumers. 
t t customers on Web 
services application architecture 


aroad map of future 
enterprise direction 


site to ASP.Net. 
two Web 
information between the com- 


They also built 


services to transfer 


pany’s front end and database 


XMI 
sent via the Simple Object Ac- 


using based messages 
cess Protocol. 

Cosgrove said he’s been im- 
-Net 
ability to help developers more 
quickly build 
that’s easier to deploy. D 


pressed with the tool’s 


cleaner code 


Belluzzo to Leave Microsoft Amid Reorganization 


Rick Belluzzo, Microsoft's president and chief operating 
officer and a force behind the growth of its Xbox and 
MSN efforts, is leaving the company, the software ven- 


dor announced last week. 


Belluzzo, 48, will step down as president and COO 
on May 1 and leave the company in September. The 
move comes as part of a broader reorgani- 
Zation intended to give greater autonomy to 
the executives in charge of Microsoft's vari- 
ous product groups, the company said. 

Although Microsoft gave no specific rea- 
son for the departure, Belluzzo appears to 
have been the victim of an internal turf war, 
said Rob Enderle, an analyst at Giga Infor- 
mation Group Inc. in Cambridge, Mass. 

With the economy on the slide, Belluzzo 
was charged with making cutbacks at vari- 
units, Enderle said. His posi- 
tion, which had been closer to that of presi 
dent than COO, became more like that of a “glorified 
and that wasn’t acceptable to him,” 
Enderle said, adding that at one time, Belluzzo was con 
sidered a potential successor to CEO Steve Ballmer 

“Given where Steve and | knew we needed to take 
the business, | decided it was the right time to pursue 
my goal of leading my own company,” Belluzzo said in 
the statement announcing his plans. 

Another analyst said Belluzzo’s departure will be no 


ous business 


administrator 


great loss. 


“| don’t think it’s a particularly significant blow to Mi- 


nc.. “It's hard to put your finger on anything he’s done 
that was particularly spectacular.” 
Belluzzo may have helped revive Microsoft's MSN 


online service, but the unit is “still not what you'd call 


tremendously successful,” Smith said. Belluzzo also 

doesn't appear to be closely involved with the develop- 
ment of .Net, a key project for Microsoft that 
involves retooling its products to allow for 
the delivery of software and services over 


the Internet 


“There's a definite culture clash between 
Rick and the company,” Smith said. “He's 
very soft-spoken. | don’t think that gets you 
very far at Microsoft.” 


As part of the reorganization, Microsoft 


DEPARTING Micro- 
soft COO Belluzzo 


will be divided into seven business units: 
Windows Client, Knowledge Worker, Server 
and Tools, Business Solutions, CE/Mobility, 
MSN, and Home and Entertainment. The 
leaders of each unit will have “comprehensive opera- 
tional and financial responsibility and greater account- 
ability,” Microsoft said 

Belluzzo, a former CEO at Mountain View, Calif.- 
based Silicon Graphics Inc., joined Microsoft in Sep- 
tember 1999 as vice president of its consumer group 
As president and COO, he has overseen Microsoft's 


worldwide sales and marketing; directed its human 


resources, finance and licensing operations; and over- 


seen its efforts in the areas of computer games and 


crosoft,” said David Smith, a senior analyst at Gartner 


TV platform software 
~- James Niccolai, IDG News Service 





COMPUTERWORLD April 8, 2002 


Palm: Handheld Integration ne fa er 


Company argues 


at trial for greater 


access to Microsoft technical data 


BY PATRICK THIBODEAU 


rhe battle for the enterprise 


among handheld vendors is be 
ing fought not just in the mar 
ketplace, but also in the court 
room of the Microsoft ( orp 
intitrust trial 

that Michac 
Palm Ine. offi 


urged U.S. Dis 


It was there 
M Ce, 


sal. lect 
Clal, last 


a senior 
week 
trict Court Judge Colleen Kol 
lar-Kotelly to impose a remedy 


that would guarantee Palm ac 


t 


i 
needs for interoperability with 


cess to the technical data 


Microsoft products 
Interoperability is critical, 
Mace said. “Microsoft has al 
ready started to use its posi 
tion to withhold technical in 
Palm, and it 


formation from 


has attempted to severely dam 
» Palm’s ability to compete 
with Windows,” Mace alleged 
in his testimony. 
[he nine states that have re 
fused to sign the Bush adminis 


tration settlement want a rem 
edy that includes protections 
for potential PC substitutes, 


such as handhe Those pro 
tections are focused 


that 


Key Issue [or 


users. Handhelds 


been used 


some 
end have 
| 

hone by corpora 


tions, initially on an ad hoc ba 


sis by executives. But more 
companies are ado 
Ids as part of f 
prise strategies, say 
Vince Marbibi, applications 
manager at Austin, Te) 
McGinnis 
LEP, 


idopter of 


firm Lochridg 


Kilgo was an early 
handhelds, | 
Palm OS-based de 


gal staff 


laving 


morc 


Quick | 
Link® 


www.computerworld.com/q?28717 


www.computerworld.com/q?s1100 


than a year ago. But next time, 
he says, he might go the Micro 
soft route 

Marbibi 


The problem, said 


is out-of-the-box configuration 
Windows desktops. “It 


would take me half the time to 


with 


a [W indows] CE device 
a Palm 


set up 
ihan it would to set up 


de \ ice, he Si iid. 


hat’s one of the issues that 


corporate IT managers face 


said Ken Dulaney, a San Jose 


based analyst at Gartner Inc 


Handhelds go through 


a proc 


ess of sy 1} to auto 
matically merge with data 


store nat T ‘rver, such 


as Messaging endaring 
tlOOK 
would make 
tool availat 
said Du 
available 
Outlook Forcing 


more users 


everyone to use Pocket PC is 


like forcing every 


Home Health 


Ana 


DoubleClick Settlement May 
Affect Corporate IT Policies 


New benchmarks 
for online privacy 
could emerge 


PATRICK THIBODEAU 


In January 2000, DoubleClick 


Inc.’s stock was soaring, ! 
' 
snare 


tbout $135 


came the lawsuits 
ations that the online 


vertising firm planned 


merge information about peo 


ple’s )-browsing activities 
with sacead identifiers. Six 
even betore the 


Double 


months later, 
dot-com bubble burst 


Click’s share price had tum 


bled to the mid-$30s 


DoubleClick put that plunge 


behind it late last month when 


1 the lawsuits. But other 


settle 
firms may face similar problems 


if DoubleClick’s SL.8 million 


settlement is seen as an incen 


tive for more privacy lawsuits 


The settlement may also in 
formation 


perts said 


fluence corporate in 


practic es, privacy ex 
last week. The terms of the 
agreement, which include au 
tomatic cookie expiration after 


five years and an independent 


iudit of DoubleClick’s privacy 
practices, ie Corpo 
rate benchmarks. The settle 
ial for be 
which oth 
wt change 
id Brian 
ymmerce privacy 
iw firm 


Mayer 
n Washington 


snaping Cases or 
tions by the 


Commis 


Trade 


Why It Matters 


Forcing every- 
one to use Pocket 
s like forcing 
everyone to use 
the same watch. 


KEN DULANEY, ANALYST 
GARTNER INC 


stored on Microsoft SQL Ser 


January, for in 

‘e, the FTC settled a case 
against Indianay 

Lilly 


ny sll 


vlis-based Eli 
ind Co. over the compa 
ladvertent release of ¢ 
tomer e-mail addresses 
FTC settlement stipulated 
cific information security 


tices for the drug maker 


Industrywide Impact 


These cases “are ver 


ential, very important, 
William Paukovitz, 


\ ff} 


cy officer and assistan 


president at Fireman’s 
Insurance Co. in Novato, ¢ 
Privacy litigation tests 
“true meaning” of the 
Paukovitz said, adding 


keep my eye on whi t 


DoubleClick’s pending privacy settlement will get corporate 
attention as a possible best practice. A court hearing to finalize 


the settlem 


ent is set for next month. 


EFFECT ON IT: Cookies expire after five years; an indepen- 
dent audit of privacy practices is required. 





EFFECT ON E-COMMERCE: The settlement requires 
DoubleClick to conduct a privacy information education cam- 
paign. With 300 million advertisement banners, consumer 
awareness of privacy will increase. 





EFFECT ON POLITICS: Trade groups want Congress to 
bar private lawsuits in privacy cases and leave enforcement to 
state and federal authorities. The DoubleClick settlement will 
be cited by privacy advocates as a good reason for allowing 


private action. 


www.computerworld.com/q?s1290 











NEWS 


Denial-of-Service 
Attacks Still a Threat 


Two years after high-profi le hits, IT struggles 
to fend off m more sophisticated attackers 


BY JAIKUMAR VIJAYAN 

ENIAL-OF-SERVICE 

(DOS) attacks 

continue to pre- 

sent a significant 

security threat | 

to corporations two years af- 

ter a spate of inci- 

dents brought down 

several high-profile 

sites, including those of Ya- 

hoo Inc. and eBay Inc., 
and analysts report. 

Since then, several technolo- 

gies have emerged that help 

users detect and respond to 

DOS attacks far more quickly 

and effectively than before. But 

the increasingly sophisticated 

attack methods and the grow- 


ing range of systems targeted in | 


DOS attacks continue to pose a 


users | 


| challenge. “In that sense, 
tools are always only trying to 
catch up” with the threat, said 
Raj Raghavan, a vice president 
at SiegeWorks Enterprise Se- 
curity Solutions, a Pleasanton, 

| Calif.-based integrator of secu- 

rity technologies. 
DOS 


computer systems in- 
accessible by flooding servers 
| or networks with useless traf- 
| fic so that legitimate users 
| can no longer gain access to |} 
| 


those resources. In distrib- 
uted DOS (DDOS) 
malicious hackers use 
dreds and sometimes even 
thousands of previously com- 
promised computer systems to 
launch assaults against a net- 
| work or server. 


the | 


attacks make 


attacks, 
hun- | 





During a three-week period 


| o 
in mid-2001, researchers from 


the University of California, 
San Diego, detected approxi- 
mately 12,800 DOS attacks 
against more than 5,000 tar- 
gets. Recent examples include 
attacks against the World Eco- 
nomic Forum’s Web site in 
February as well as those that 
drove British Internet service 


provider CloudNine Commu- | 
| called 


nications out of business ear- 
lier this year. 


Increasing Menace 


“The threat is a lot worse | 
today than two years ago.” said | 
Harris Miller, president of the | 
Information Technology Asso- | 
ciation of America (ITAA) in | 
There are lots of 


Arlington, Va. “ 
indications that since Sept. ll, 
the number of DOS attacks 
have greatly increased.” 


The ITAA is acting as the co- | 


ordinator of an industry body 


Cost, Other Priorities Stall Use of DOS Detection/Response Tools 


Several vendors offer early-detec- 
tion and response tools for dealing 
with DOS attacks. The main focus 
of such technologies is to quickly 
give IT managers the information 
needed to filter out malicious traffic 
while letting in legitimate users. 

Just last week, for instance, 
Waltham, Mass.-based Arbor Net- 
works Inc. launched an enhanced 
version of its Peakflow DoS soft- 
ware that uses network information 
gathered from a user's Cisco Sys- 
tems Inc. firewall to identify and 
filter out bad traffic. 

Arbor's Peakflow DoS software 
is just one in a growing list of prod- 
ucts available. Other products in- 
clude the following: 

w DDoS Enforcer from Mazu 
Networks inc. in Cambridge, Mass. 

@ Attack Mitigator from Top Lay- 
er Networks Inc. in Westboro, Mass. 

w Vantage System from Asta 
Networks Inc. in Seattle. 

@ CaptlO from Captus Networks 
Corp. in Woodland, Calif. 

Most of these products work 


by comparing live network traffic 
against some previously defined 
baseline and by alerting users if 
there is a significant divergence 
from that baseline. The alerts might 
be based on a comparison of byte or 
packet rates, traffic that's directed at 
specific resources, traffic that origi- 
nates from specific IP addresses or 
spikes in network traffic. 

Despite the early-detection ca- 
pabilities offered by such technolo- 
gies, user adoption so far appears 
to be very slow, said Michael Ras- 
mussen, an analyst at Cambridge, 
Mass.-based Giga Information 
Group Inc. 

For one thing, the tools aren't 
cheap. Deploying some of these 
products can mean shelling out 
anywhere from $75,000 at the low 
end to more than $1 million for a 
large enterprise installation. The 
tools are most effective only when 
they are installed not just on the 
edge of corporate networks, but 
also in service provider networks 
as well, analysts said. 








Many companies also have their 
hands full dealing with other secu- 
rity, regulatory and privacy issues 
and may be giving a lower priority 
to DOS threats, Rasmussen said 

“The DOS threat is just one of 
the security issues that users are 
worried about,” agreed Charles 
Kolodgy, an analyst at Framingham, 
Mass.-based IDC. 

House of Blues Entertainment 
Inc. in Los Angeles exempiifies that 
point. Although the company would 
like to have a DOS tool in place, it 
has no plans to do so right now 
because of other priorities, said 
Steve LaBrie, director of network 
operations. “I'm concerned about 
DOS, but it is not fiscally viable to 
roll out anything now,” he said. 

Many companies have already 
beefed up their firewalls, intrusion- 
detection systems and load-balanc- 
ing capabilities against DOS threats 
and therefore may be reluctant to 
deploy separate anti-DOS technol- 
ogy, analysts said. 

~- Jaikumar Vijayan 


| Inc. 
launched to overwhelm a tar- | 
| get’s Web site, CPU, memory, 





}| It can 
advantage of known flaws in 
} | products, Lindstrom said. 


1 | tacks are 
}| DOS 


|| lived bursts of spurious traffic 
| directed at a target from multi- 
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Tips to Help Prevent a DOS Attack 


® Regularly review publicly available information on recent security vulner- 
abilities and incidents. It helps in configuring and updating your public Web 


server against new forms of attacks. 
= Regularly update your DOS detection tools to discover new patterns 


or events (resulting from new or updated attacks taking advantage of new 


vulnerabilities). 


a = Update firewall-filtering mechanisms to deny new attacks. 
Ss w Temporarily disable specific services that might be vulnerable. 


a w Augment your alerting procedures. 


= Work with your Internet service provider to understand what precautions 
have been taken to guard against DOS attacks. 


® Get a configuration that uses multiple connections built from different 
network backbones. This will help switch public Web servers to another 
connection in the event of a DDOS attack. 


the IT Information 
Sharing and Analysis Center, 
which was created early last 
year to share information and 
find ways of dealing with DOS 
and other security threats. 

Part of the problem with 
DOS attacks is the sheer num- 
ber of ways in which they can 
operate, said Pete Lindstrom, 
an analyst at Framingham, 
Mass.-based Hurwitz Group 
A DOS attack can be 


network bandwidth or routers. 
also work by taking 


Degradation-of-service at- 
another variation. 
Such assaults, which are more 
difficult to detect than other 


attacks, involve short- 


ple sources and are aimed at 

slowing network performance. 
“It would be a fairly straight- 

forward issue to handle if such 


| attacks originated and termi- 
| nated with the same network,” 
| said Jeff Ogden, 
| high-performance networks at 
| Ann Arbor, Mich.-based In- 


director of 


ternet service provider Merit 
Network Inc. 
The problem arises because 


almost all DOS attacks involve | 
| multiple networks and attack 


sources, many of which have 
spoofed IP addresses to make 
detection even harder, accord- 


| ing to Ogden. 


So completely choking off 
the offending traffic requires 


| network administrators to call 





upstream service providers, 
alerting them to the attack and 
having them shut down the 
traffic. That process has to be 
repeated all the way back to 
every attack source. D 


Online Resources 


| Distributed Denial of Service 


Attacks/Tools 


| http://staff.washingten.edu/ 


dittrich/misc/ddos/ 
Links to many resources about DDOS 
attacks; maintained by the University 


| of Washington in Seattle. 


“Strategies to Protect Against 
Distributed Denial of Service 
Attacks” 


| www.cisco.com/warp/public/ 
| 707/newsflash.html 
| This white paper explains the basics 


of DDOS attacks and prevention 
strategies; provided by Cisco Sys- 
tems Inc. 


Overview of Scans and ppos — 
Attacks 

www.nipc.gov/ddos. pdf 

An executive summary of scans and 
DDOS attacks from the FBI's National 
Infrastructure Protection Center. 
(Download Portable Document 
Format files.) 


Preventing a DDOS Attack 
www.jmu.edu/computing/ 
info-security/engineering/issues/ 
ddos.shtml 

Guidelines for preventing an attack 
and links to resources; provided 


| by James Madison University in 


For more information 


Harrisonburg, Va. 
about DOS attacks, 
visit our Security 


Knowledge Center 


www.computerworld.com/q?k1600 





Consider the facts. According to IDC, for every 1,000 knowledge workers, your 


enterprise wastes $7.5 million a year looking for and reworking information that already exists 


Inktomi can help. Our XML-enabled knowledge retrieval solutions, tightly integrated with your 
business critical applications, allow people to find and react in real-time to information spread 
across your global enterprise. By connecting the right content to the right person at the right time, 
Inktomi makes your organization far more efficient and competitive. Best of all, Inktomi requires 


minimal IT resources to deploy and maintain, delivering an extremely low total cost of ownership 


For the most effective real-time information management, insist on Inktomi® Enterprise Search 


It's just one of a comprehensive suite of scalable network infrastructure applications many of 


the leading FORTUNE 1000 companies regard as essential to their enterprises 


You'll find it essential to yours 


www.inktomi.com/search 





United, IBM Finish 


Initial DB2 Rollout . . | 


United Air Lines Inc. said IBM has 
completed implementing the first 
phase of a DB2-based data ware- 
house for the airline. More than 1TB 
of customer and operations data is 
currently stored in the data ware- 
house for use in analyzing passen- 
ger destination trends. Chicago- 
based United said data from its call 
centers, ticket counters and airport 
kiosks will be added in the future. 


. . . And Delta Triples 


Its Check-in Kiosks 
Delta Air Lines Inc. said it plans to 
install 300 new self-service check- 
in kiosks at U.S. airports this year, 
which would more than triple the 
number it now operates. Atlanta- 
based Delta said the number of air- 
ports where it has kiosks will in- 
crease from 30 to 80. The airline 
will also increase the functionality of 
the devices so they can be used by 
passengers with electronic tickets. 


McData (1 Sales Hit 


By Order Reductions 


Broomfield, Colo.-based storage 
switch maker McData Corp. said its 
first-quarter revenue could be as 
much as 20% below expectations 
due to order reductions made last 
month by its largest customer, a 
reference to EMC Corp. Hopkinton, 
Mass.-based EMC declined to com- 
ment specifically but said its mix of 
purchases from different suppliers 
“varies from time to time.” 


Short Takes 


HEWLETT-PACKARD CO. won a 
five-year IT outsourcing contract 
valued at about $88 million from 
EUROPEAN AERONAUTIC DEFENCE 
AND SPACE CO. in Munich, Ger- 
many. . .. STORAGE TECHNOLOGY 
CORP. in Louisville, Colo., extended 
an outsourcing deal with ELEC- 
TRONIC DATA SYSTEMS CORP. in 
Plano, Texas, to run through 2012. 


| 


| sourcing 





| six months ago for the applica- 
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Oracle Extends Outsourcing 


‘To 91 Database, App Server 


Users: Companies can offload software 
administration but need to weigh costs 


| BY MARC L. SONGINI 


RACLE CORP 
offered software 
management and 


hosting services | 


to users of its 


business applications for the | 
past three years. Now, it’s ex- | 
tending the outsourcing pro- | 
gram to its database and appli- | 


cation server software. 

Oracle last week announced 
that 
management 


services avail- 


able for its Oracle9i product | 
line. Users will be able to have | 


Oracle host the software for 


them, or they can install it in | 
their own data centers or in | 
third-party facilities and get | 


remote support from Oracle. 
The outsourcing 


burdens 


200 customers have already 
signed up for Oracle9i out- 
under an early- 
adopter program that began a 
year ago for the database and 


| tion server. 


lhat’s similar to the number 
of outsourcing deals that Ora- | 
| cle claims to have with users of 
| its E-Business Suite lli applica- | 
| tions. But some users and ana- | 
lysts said there are obstacles to | 
Oracle’s strategy to further ex- | 


| pand its outsourcing reach. 


| determine 


Weighing the Options 
Potential customers need to | 
do a cost-benefit analysis to | 


whether database 
or application server outsourc- 


ing is right for them, said Tom | 


Wyatt, president of the inde- 
pendent Oracle Applications 


| Users Group, which is based in | 


| Atlanta. Wyatt works as direc- 


| Corp., a customer service out- 


tor of Oracle systems at Sitel 


it’s making outsourced | 


offer is | 
| meant to save money and ease 
| management 
| users, according to Oracle. The 
| company added that more than 


for | 


| sourcing firm in Baltimore. 


has | For some companies, espe- | 


cially larger ones, ensuring the 
security of their 
might outweigh the desire to 


databases | 


| at Boston-based Summit Strat- 
| egies Inc. 
To win the trust of potential 
outsourcing customers, Mc- 
Cabe said, Oracle has to offer 
| compelling pricing and top- 
notch availability and perfor- 
mance levels on the 9i soft- 
ware, as well as rapid response 
times when problems occur. 


save money by having a third- | 


party firm such as Oracle han- 
dle the software administra- 
tion work, Wyatt said. 


But Paige O'Neill, senior di- 
| rector of outsourcing market- | 


ing at Oracle, said the compa- 
ny’s data center has been fully 
audited for security capabili- 


ties. Oracle also plans to work | 
with network services firms to | 
provide secure virtual private | 
network connections to other | 
data centers where servers are | 
| facility. But if something goes 


located, she added. 
Application — service 
viders as a whole haven't taken 


pro- 


off with large corporate users, | 


said Laurie McCabe, an analyst 


Winning Converts 
William MacLeod is one 
user who's already sold on 


database outsourcing. He's the | 


vice president of IT at Telford, 
Pa.-based Accu-Sort Systems 
Inc., which has been relying on 
Oracle for round-the-clock 
management of its database for 
the past year. 


A maker of industrial bar- | 


code scanners, Accu-Sort in- 
stalled the database at its own 


wrong with the software, a 


| database administrator at Ora- | 
cle receives an alert and ad- | 
dresses the problem remotely. | 





Outside 
Management 


Details about the new Oracle9i 
software management out- 
sourcing program: 

WHERE THE SOFTWARE RESIDES: 
Users have a choice: The software can be 
installed at Oracle, in their own data centers 
or at data centers run by other hosting 


HOW IT WORKS: Pretuned software and 
server bundles are installed, and Oracle is 
responsible for monitoring, managing and 


| upgrading the systems 


WHAT IT COSTS: Software license fees 
and technical support contracts are un 
changed. The rest of the cost depends on 
who hosts the software 


The deal has reduced in-house 
database management head- 
aches, said MacLeod, adding 
that he’s investigating the idea 
of letting Oracle host and man- 
age Accu-Sort’s applications. D 


Upgrades, Image Makeover on Tap at Oracle Conference 


At its Oracle AppsWorld confer- 
ence in San Diego this week, Ora- 
cle is expected to prod holdout 
users to upgrade to the latest re- 
lease of its business applications. 
But users and analysts said the 
software vendor also needs to ap- 
pear more user-friendly in order to 
buff up its image with customers. 

Oracle doesn't plan to make 
any major product announce- 
ments at the conference. Instead, 
the company will once again try to 
pitch users on the value of migrat- 
ing to the Web-based E-Business 
Suite Tli applications that it re- 
leased two years ago, said Fred 
Studer, vice president of E-Busi- 
ness Suite marketing at Oracle. 

Early iterations of 1li were 
plagued with bugs, and users also 
complained about customer ser- 
vice lapses. Oracle has largely sta- 
bilized the software and beefed up 
its ability to meet demands for 


technical support, according to 
users and analysts. Nevertheless, 
it may still have to confront some 
user concerns about upgrades at 
AppsWorld, they said. 

Oracle is also dealing with the 
lingering fallout from a lengthy 
feud with the independent Oracle 
Applications Users Group (OAUG) 
over the futures of their separate 
application conferences. 

Ina survey of 139 OAUG mem- 
bers conducted by the user group 
and New York-based Morgan 
Stanley Dean Witter & Co. in De- 
cember, 52% of the respondents 
said they didn’t think Oracle was a 
customer-centric company. 

“Oracle has to turn around its 
bad customer public relations re- 
garding li and the OAUG,” said 
Joshua Greenbaum, an analyst at 
Enterprise Applications Consulting 
in Daly City, Calif. “l expect Apps- 
World to be as much of a customer 


lovefest as Oracle can muster.” 
Donna Rosentrater, an OAUG 
board member, said she won't be 
attending AppsWorld. But she said 
that in general, she’s looking for 
Oracle to be more accessible to 
users and to do a better job of ex- 
plaining how its new products can 
help meet their business needs. 
To address such concerns, 
Oracle plans to emphasize cus- 
tomer success stories and high- 
light its upgrade assistance pro- 
grams and technical education of- 
ferings at AppsWorld, Studer said. 
About 1,500 users are actively 
running Tl-based systems, ac- 
cording to Studer. Another 3,000 
are implementing the software or 
upgrading to it, he said. But fewer 
than half of the application users 
that make up Oracle's installed 
base have completed upgrades 


thus far. 
~ Mare L. Songini 
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Storage Bosses Need 
‘Tools to Manage Data 


Interoperability, ease of programming 
most important, conference attendees say 





BY LUCAS MEARIAN 
PALM DESERT. CALIF 
NFORMATION technolo- 
gy executives and stor- 
age administrators who 
say they’re dealing with 
an explosion of data con- 
tinue to buy cheap 
disk storage to deal 
with the overload. 
Problem is, that ap- 
proach will force 
IT managers to hire additional 
staffers and spend more than 
they need to manage their or- 
ganizations’ data effectively. 

In response to these chal- 
lenges, IT managers attending 
Computerworld’s Storage Net- 
working World conference 
here last week said that they’re 
considering using emerging 
storage resource management 
tools. 

But even those tools have 
shortcomings, including a lack 
with industry 
standards, as well as interoper- 
ability issues and a dearth of 
security features. Those draw- 
backs have kept many IT man- 
agers from taking the plunge. 

“There’s an insatiable de- 
mand on IT departments to 
put data online,” said Michael} 
Prince, vice president and CIO 
at Burlington Coat Factory 
Warehouse Corp. in Burling- 
ton, NJ. “We’ve embraced 
every bit of storage technology 
in terms of innovation [that] 
we could over the past few 
years ... yet the complexity 
and interoperability issues are 
huge things.” 

However, during the next 
two years, intelligent RAID de- 
vices and software will enable 
IT departments to provide 
storage as an enterprisewide 
utility that can be centrally 
pooled from many resources, 
said many practitioners. Stor- 
age will be set up under tem- 
porary capacity and perfor- 
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mance parameters for business 
units, which will then be 
charged by use, they added. 

“Right now, 90% of storage 
is still direct-attached,” said 
Steve Duplessie, an analyst 
at The Enterprise Storage 
Group Inc. in Mil- 
ford, Mass. “We 
spent a lot of years 
spending money 
on IT like drunken 
sailors. We can’t do that any- 
more. It’s just not reasonable 
to think we can still scale in the 
same order of magnitude.” 

Karl Huff, a vice president at 
Northern Trust Corp. in Chica- 
go, said his company has been 


| trying to do more with less as 


its data storage requirements 
have exploded from ITB of ca- 
pacity in 1999 to more than 
40TB in a storage-area net- 
work (SAN) today. That num- 
ber is expected to grow to 
100TB by early next year. 

“At that growth rate, if you 





don’t have management sys- 
tems in place, you’re going to 
have trouble,” said Huff, whose 
storage administrators had 
been keeping track of applica- 
tions and their use on spread- 
sheets — something that be- 
came far too complicated over 
time. 

“If a switch port goes out, I 
don’t know who to call,” said 
Huff, who is rolling out storage 
management software from 
Scotts Valley, Calif.-based In- 
terSAN Inc. 

Over the past two years, 
Northern Trust has been build- 
ing a SAN that will be remotely 
mirrored to a secondary data 
center about 90 miles outside 
of Chicago by year’s end. Cur- 
rently, that infrastructure has 


; “THERE’S an insatiable demand” 


to store data online, says Michael 
Prince, Burlington Coat’s CIO. 
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Bank Centralizing Storage With SAN 


Robert Smalley, senior project spe- 
cialist at the Bank of Montreal in 
Toronto, said his company is in the 
middie of converting from direct- 
attached storage to a SAN to con- 
solidate its more than 300 servers 
across three data centers. 

Smalley estimated the bank will 
spend about $20 million over the 
next five years to build a centrally 
managed, infrastruc- 
ture. So far, the bank has laid out 
its Fibre Channel infrastructure us- 
ing a 64-port director-class switch, 
installed a 125TB tape library and 
recently hooked up a 10TB IBM En- 
terprise Storage System RAID box. 

Still missing from the equation 


to be managed from many dif- 
ferent consoles. 

The return on investment 
for purchasing a storage man- 
agement tool, Huff said, lies in 
having a Web-based browser 
that can automatically discov- 
er his entire storage infrastruc- 
ture from one storage adminis- 
trator’s desktop and centrally 
manage it “without the [IT] 
help desk getting involved.” 
That can help cut down on 
help desk and storage support 
costs, he said. 

Other IT executives said it’s 
simply cheaper to buy more 


CTO: The Not-So-Popular, Misunderstood Title Needs Defining 


The title of chief technology officer, 
though used by nearly 10% of 
Fortune 500 companies in the U.S., 
has yet to develop into a clearly de- 
fined role, according to one New 
York executive management 
search firm. 

And if the CTO title ever does 
gain full acceptance, it will take at 
least 10 years for that to occur - the 
same amount of time it took for the 
CIO title to be embraced. That's the 
assessment of IT executives polled 
on the topic at Computerworld’s 
Storage Networking World confer- 
ence last week. 

John Davis, president of New 
York-based executive search firm 
John J. Davis & Associates, said 
the CTO role continues to be 
defined and its adoption has been 
slow in part due to the recession. 

The issue, Davis says, is whether 





the CTO reports “to the CIO, or vice 
versa? Or are they complementary 
positions? Is the CTO part of the IT 
organization, or does 

the CTO have a super- 
numerary role that re- 
ports directly to the 
senior management 
team? We've seen 
everything.” 

Mike Prince, CIO at 
Burlington Coat Facto- 
ry Warehouse, agreed = 
that there's no clear 
definition of what a 
CTO does. Though 
Prince said he 
wouldn't hire a CTO effect. 
now, he might consider creating the 
position someday, more as a retain- 
ment incentive to a good manager 
than as a necessary job. 

“It might even be a way for me to 


HUFF says Northern’s 
new CTO is a CIO in 


semiretire and help the company 
move forward with its direction,” 
Prince said. 

Karl Huff, a vice 
president at Northern 
Trust, said his compa- 
ny's CTO is its first 
and agreed with 
Prince that the title 
has more to do with 
politics than 
necessity. 

“He's the CIO, 
basically,” Huff said. 
“But whether a 
company has the title 
or not, there are peo- 
ple doing the job - 
setting the technology direction.” 

Most IT executives polled at the 
conference agreed that the CTO 
should be the long-term technology 
visionary at a company, concerned 








is vendor support for the entire 
SAN and a robust set of storage re- 


lution,” he said. “We want the ven- 
dors to listen to the customer. We 
want interoperability between de- 
vices and [software] tools.” 
However, Smalley said that the 
benefit of beginning a server con- 
solidation is that it makes more 
sense than continuing to pay for 
dead-end direct-attached storage. 
As he put it, “The risk of doing 
nothi 


disk storage than to spend 
money on software to manage 
it more efficiently. But Dup- 
lessie and others pointed out 
that the storage price of 4 cents 
to 10 cents per megabyte 
doesn’t include the manage- 
ment and maintenance of 
those disk storage systems, 
which research firms estimate 
to cost six to 10 times as much 
as the physical disk. D 
our Storage 


Link Knowledge Center 


www.computerworld.com/q?k1700 


For more information 
on this topic, visit 


more with promoting IT projects 
than with business. 

Paul Borrill, CTO at Veritas Soft- 
ware Inc. in San Jose, said the CTO 
“is not important for things that 
must be delivered next quarter” but 
that the position is evolving into 
an important role for promoting 
growth through the use of technol- 
ogy to automate. 

Carry Todd, CTO at First Advan- 
tage Federal Credit Union in New- 
port News, Va., said many compa- 
nies that have defined the CTO’s 
mission mistakingly make it that of 
chief technology developer. 

“| don't think it’s developing as 
much as directing. | really think it's 
understanding the business and 
then directing the technology to 
it,” Todd said. “It's about forming 
the relationship with the business 
side, where it then becomes own- 
ership.” 

~- Lucas Mearian 
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DellDetaisits 
Newest Servers . . 


Dell Computer Corp. announced 
several servers, including its first 
blade server and a pair of four- 
processor systems based on Intel 
Corp.’s Xeon MP chips. Along with 
the hardware, Dell introduced serv- 
er management software that sup- 
ports remote systems deployment 
and said it’s jointly developing Infini- 
Band-based server interconnect 
technology with Microsoft Corp. 


... With Q1 Revenue 


Better Than Expected 


Dell also said it expects to meet its 
fiscal first-quarter earnings projec- 
tions on better-than-expected rev- 
enue, although business in the quar- 
ter ending May 3 likely will still be 
down slightly from the year-earlier 
level of $8 billion. The company said 
first-quarter revenue should total 
about $7.9 billion, compared with 
earlier estimates that sales might be 
as low as $7.7 billion. 


SWIFT Drops Net Deal 


With Global Crossing 


The Belgium-based Society of 
Worldwide Interbank Financial 
Telecommunications (SWIFT) ended 
an exctusive network services deal 
with Hamilton, Bermuda-based 
Global Crossing Holdings Ltd., 
which is in bankruptcy proceedings. 
SWIFT, a global cooperative that 
clears money transfers between 
banks, said it’s taking back owner- 
ship of its X.25 and IP networks. 


Short Takes 


San Jose-based EBAY INC. said it 
fixed a security hole that could have 
let attackers change passwords be- 
longing to users of its Web site. . . . 
Brampton, Ontario-based NORTEL 
NETWORKS CORP. dropped four 
patent-infringement claims against 
San Jose-based ONI SYSTEMS 
CORP. but said it will continue to 
pursue a fifth charge. 
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Wartime ClOs Alter 
Security Strategies 


Sept. ll has taught federal IT leaders lessons 
on the value of security, continuity planning 


BY DAN VERTON 
NEWPORT, R.I 
NFORMATION technolo- 
gy managers at U.S. fed- 
eral government agen- 
cies are applying the 
lessons learned from the 
Sept. ll attacks to improve 
planning for continuity of op- 
erations during possible major 


IT disasters in the future. 


Speaking here last week at 
the annual meeting of the 
Tiverton, R.I.-based National 
High Performance 
Computing and Com- 
munications Council, 
a group of five federal 
ClOs and senior IT 
executives said IT security and 
its role in continuity of opera- 
tions has taken on heightened 
importance since Sept. ll. 

There’s an increased empha- 
sis at federal agencies to make 
operational continuity plans 
“living documents,” said San- 
dra Bates, commissioner of the 
Federal Technology Service. 

The U.S. Department of La- 


| bor, which manages employ- 


ment and unemployment ben- 





| 


efits for millions of Ameri- 
cans, lost two offices and its 
inspector general in the at- 
tacks on the World Trade Cen- 
ter and was forced to put its 
disaster recovery plan into ac- 
tion without ever having re- 
hearsed it, said Laura Calla- 
han, the agency’s CIO. 

One of the most important 
lessons to come out of that ex- 
perience, she said, is the need to 
plot a well-conceived commu- 
nications strategy in advance. 

“We couldn’t talk to 
each other,” said Calla- 

han, because of cell 
phone overload prob- 
lems and a four-hour 
“dark” period during which the 


agency shut down its networks | 


to assess the damage. 

Since the terrorist attacks, 
the agency has also moved to 
deputize its workers and cre- 
ate what Callahan calls a 
“neighborhood watch” pro- 
gram, through which they can 
report anything that doesn’t 
seem right to them. 

The Department of the Inte- 
rior is also working on devel- 


Federal Agency Faces Judicial Ultimatum 


Government CIOs are facing a new 
denial-of-service attack threat: the 
federal judicial system. 

When asked if the Sept. 11 terror- 
ist attacks had a significant impact 
on how his agency conducts IT se- 
curity planning, Department of the 
Interior ClO Daryl White said no. 
However, an unusual type of denial- 
of-service attack launched against 
his agency on Dec. 5 did create 
havoc, he said. 

On that date, U.S. District Judge 
Royce Lamberth ordered the agency 
to shut down all of its Internet con- 
nections, after hackers from New 
York-based security firm Predictive 


} 


Systems Inc. compromised the 
Bureau of Indian Affairs’ $40 million 
trust accounting system. 

“Our COOP had flown,” said 
White, referring to the agency's 
continuity of operations plan. 

Since then, about 90% of the 
agency's divisions have been allowed 
back online after having shown that 
they don't contain gaps or informa- 
tion related to the trust fund. 

But the Interior Department has 
been nearly crippled by the court 
order, said White. 

The decision amounted to a 
“judicially directed denial-of-service 
attack,” said White, citing the loss 








| oping reporting procedures 
for managing any future disas- 
ters and is focusing on inte- 
grating security and business 
continuity operations into its 
capital planning process, Cal- 
lahan said. 

“We don’t do capital planning 
with an understanding of the 
risk,” 


the Interior Department. “We 


| do it after the fact. We have to 


get away from that mentality.” 

To break away from that ap- 
proach, network architecture 
specialists at the agency are 
now being brought into the 
thick of the security planning 
process at the agency, said 
White. 


In the Works 

Lee Holcomb, CIO at NASA, 
said agencies and private com- 
panies “need to architect net- 
works to isolate mission-criti- 
cal systems.” 

One such plan that is cur- 
rently being studied at NASA 
is the use of security “honey- 
pots,” or decoy systems, to di- 
vert attackers away from sensi- 
tive operational systems, said 
Holcomb. 

Sallie McDonald, assistant 
commissioner for the Office 
of Information Assurance and 


of the agency's e-mail capabilities 
and interactive Web presence. 
“We did not realize that it could be 
done through the courts. We're still 
suffering from a dose of reality.” 

Part of that reality includes be- 
ing forced to revert back to paper- 
based processes at a time when 
the entire federal government is 
facing an October 2003 congres- 
sionally mandated deadline to au- 
tomate business processes. 

“Our decision times and cycle 
times have really suffered,” White 
noted. 

As a result of the security audit, 
the Interior Department is being 
forced to establish clear policies 
and procedures so that incident re- 
sponse and recovery “become re- 


said Daryl White, CIO at | 
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in March to Science Applications 
International Corp. 

Goal: To automate dissemination of 
software patches as soon as they 


services into a suite of products avail- 
able for free to all federal agencies. 


Time frame: Pilot 2002: full 
capability 2003 

Goal: To obtain automated, cus- 
tomized incident-handling and 
analysis of vulnerabilities. 


Critical Infrastructure Protec- 
tion at the General Services 
Administration, said there are 
also several security programs 
in the works that are designed 
to improve everything from 
patch management to secure 
collaboration and vulnerability 
analysis (see box). 

“We’re trying to develop a 
culture of security in federal 
civilian agencies,” McDonald 
said. D 


MORE 


For more on how businesses can prepare 
for potential cyberattacks, see page 30. 


peatable events,” he said. 

Although critics have accused 
the agency of not being able to 
deploy and manage security tech- 
nologies to prevent problems from 
occurring, White is now taking 
steps to improve data manage- 
ment and the agency's secure 
architecture. 

“IT security is a question 
of accountability,” said White. 
“You can’t hold firewalls account- 
able. You can only hold people 
accountable.” 


MORE’: 


To read about th the ongoing hela 
posed by denial-of-service attacks, 


see page 8. 


- Dan Verton 





Regional Floral Network, January 14 


Regional Floral Network, February 14 








Continued from page 1 


VAN Spat 


“There’s always more than 
one way to skin a cat, and 
maybe these bigger [VANs] 
will discover they’re not as 
important as they thought they 
were,” 
power play, it didn’t work.” 

But Ken Vollmer, an analyst 
at Giga Information Group Inc. 
in Cambridge, Mass., said ICC 
may not be able to absorb the 
extra fees indefinitely. “They 
can only afford to eat those 
charges for so long,” he said. 

Gregory Onjack, data inter 


he said. “If this was a | 


change e-commerce adminis- | 
Tr. . | 

trator at Mack Trucks Inc. in 

Allentown, Pa., said VAN users | 


need that 
won't be subject to these kinds 
of He 
pointed out that telecommuni- 


assurances 


unexpected changes. 


they | 
| books via EDI,” he said. 


cations firms can’t randomly 


disconnect from one another. 
Onjack said Mack Trucks 
has 200 suppliers on Sterling’s 


network and more than 350 on 


GXS’s VAN. Mack used to be a 
GXS customer, but he said it 
switched early last year be- 
cause ICC’s prices were 70% 


lower than the $20,000-plus | 


monthly fee it paid to GXS. 
Now, Onjack said, both GXS 
and Sterling have offered to 
meet ICC’s price if Mack shifts 
to their networks. “To me, this 


is a terrible business practice,” | 


he said. “I call it price fixing.” 
Russell Stultz, president and 
CEO of Wordware Publishing 


AT A GLANCE 


New Plans 
For VAN 


Some of the changes EDI net- 
work operators have made to 
handle Internet transactions: 

® Some VANs use simpler communications 
standards like file transfer protocol and off 
the-shelf messaging middleware rather 
than proprietary EDI links 


depending on level of security users want 
@ Many VANs now provide Web-based 
summaries of transaction information 

® Some VANs dropped kilocharacter 
charges and usage-based pricing in favor 
of negotiated annual license fees 


| mote 





Looking for Plan B 


Devon Johnson, EDI manager at 
frozen dough manufacturer Rhodes 
International Inc. in Salt Lake City, 
says about half of his EDI traffic 
comes through the Sterling Com- 
merce value-added network (VAN). 
In October, Rhodes switched from 
Sterling to ICC with the hope of reap- 
ing deep savings in its VAN charges. 


Inc. in Plano, Texas, said that | 


he also was contacted by Ster- 
ling shortly after it informed 
customers in January that it 
would disconnect from ICC. 
“The timing seemed to im- 
ply that if we didn’t switch, 
we'd no longer be able to trade 
with Borders and Walden- 


Continued from page 1 


VOIP 


one network that’s going to 
handle both voice and data,” 
said Mark Katsourous, commu- 
nication automation specialist 
at the University of Maryland 
in College Park. “We're talking 
a major forklift upgrade.” 

The university has installed 
VOIP phones made by Basking 
Ridge, NJ.-based Avaya Inc. in 
some of its dormitories and re- 
locations. But to do a 
wider rollout, Katsourous said, 
he would first need to install 
new routers that could guaran- 
tee voice quality and backup 


| power for the voice devices. 


“There is no such thing as a 


| quick voice over IP implemen- 
tation,” said Zeus Kerravala, an 


analyst at The Yankee Group in 


Boston. He said one of the chief | 


limiting factors is that a wide- 


| area network using a T3 carrier 


line “is only one-half the speed 


of a typical LAN,” which is the | 
| bandwidth VOIP requires. 


St. Michael’s Hospital 


on its LAN and 20M bit/sec. on 


its WAN. “I wouldn’t have en- | 


tertained voice over iP on our 
previous network,” said CIO 
John Wegener. 


in | 
Toronto recently boosted band- | 
| width from 3M to 40M bit/sec. 





So when Sterling disclosed to cus- 
tomers that it would disconnect from 
New York-based ICC, Johnson began 
setting up an account with E-Com 
Systems Inc. in Hamilton, Bermuda, 
as his backup. “Although we don't ex- 
pect this to cost a great deal finan- 
Cially, it is taking a lot of our time to 
take a precaution that shouldn't be 
necessary,” he said. 

Frank Kenney, an analyst at Gart- 
ner Inc. in Stamford, Conn., warned 


A GXS spokesman denied 


that the company’s decision to | 
sever its connection to ICC’s | 


network was a case of corpo- 
rate bullying. He also denied 
that GXS is engaging in any 
price fixing, saying that its of- 
fers to prospective customers | 





“are made unilaterally, based | 
| coming profitable this month. 


upon our own information.” 


Like other St. Mi- 
chael’s is using a VOIP/private 
branch exchange (PBX) con- 


users, 


vergence tool as it transitions | 
to Internet telephony. Wegener 


stressed the importance of 
tions and network vendors on 
the same page before starting a 
major project. | 
“You really need all three of 
them around the table if you 


want to get things resolved,” he 


said. “You need to lay out | 


who’s responsible for what 
from the start, because it never 
goes 100% smooth.” 

More customers will likely 
be calling those powwows in 
coming years, according to 
Kerravala. He said that while 
over-all demand for phone sys- 
tems likely will be down slight- 
ly this year, Yankee Group ex- 
pects VOIP’s share of the mar- 
ket for new installations to rise 
from 10% in 2001 to 25%. 

The city of Houston last 
month began work on what it 
says will be the largest VOIP 
deployment by any govern- 
ment body in the U.S. to date, 
linking 25,000 phones in a $15.7 
million, 18-month project. 

Denny Piper, the city’s CIO, 
admitted that it won’t be easy. 
“We're going to find some 
holes in our network, but we 
would have had those anyway,” 
he said. “That you might run 





that part of the cost of doing busi- 
ness in the VAN world is that continu- 
ity of service isn’t guaranteed. 

“As fat-cattish as these [estab- 
lished] companies seem to be, 
they've invested millions upon 
millions upon hundreds of millions in 
their infrastructure,” he said. “They're 
not a public utility.” 

Kenney added that users need 
to be aware of the state of the VAN 
industry. Peregrine Systems Inc. in 


Sterling declined specific 
comment but said it has “an ac- 
tive plan to enable customers 
affected by” the termination of 
its link to ICC’s network. 

ICC CEO Mike Cassidy ac- 
knowledged that the discon- 
nects will prevent the company 
from meeting its goal of be- 


into problems is not justifica- 
tion for not doing it.” 
Houston’s municipal gov- 
ernment currently operates 47 
PBX phone systems and 43 


| separate voice-mail systems. It 
getting VOIP, telecommunica- | 


has spent the past five years in- 
stalling a Cisco Systems Inc. 
network and will also use Cis- 
co as its VOIP vendor. 

But even with a single ven- 
dor, there are costly redun- 
dancy and quality-of-service 
issues, Piper said. “We're look- 
ing at another $2.2 million in 
incremental network upgrades 
over the next year,” he added. 
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San Diego is selling its 40,000- 
customer e-commerce unit, which 
could affect its interconnects. 

If intra-industry tussles are too 
distracting, Kenney suggested 
that enterprise portals and private 
and public e-marketplaces offer an 
alternative. 

“People may say, ‘Hey, I’m going 
to start doing this myself,’ ” he said. 
“The technology's out there.” 


~- Michael Meehan | 


But he said ICC will survive the 
spats with Sterling and GXS. 
Other new VANs haven't 
faced the same kinds of prob- 
lems, Vollmer said. “There’s 
something going on [with 
ICC] that we don’t know,” 
Vollmer said. “I’m sure at some 
point there'll be lawsuits flying 
around, and we’ll find out.” D 


Steve Leaden, president of 
telecommunications and net- 


working consulting firm Lead- 


en Associates Inc. in Washing- 
tonville, N-Y., said he believes 
that protracted VOIP imple- 
mentations will prove a major 
challenge for IT executives. 

“Every IT department I talk 
to that’s doing this, these guys 
are on total overwhelm,” Lead- 
en said. D 


me 


www.computerworld.com/q?28672 


Users are looking for 
better monitoring of 
VOIP networks: 


2 ec enn nt 


Network Needs 


Users considering VOIP installations should check these items 
to make sure their networks are ready for the technology: 


= Measure and characterize end-to-end delays and packet loss 
for IP telephony across your network. 





= Companies with slower networks or nets running near 
capacity, make sure wiring closets recognize the 802.1P protocol 


; for traffic prioritization at Layer 2. 





traffic times. 


2 Your core data network must be able to prioritize packets at 
> Layer 3. 


- « Determine WAN use, preferably no more than 85% at peak 





: @ Identify your low-speed links (under 256K); these may degrade 
= voice quality. 





to ensure reliability. 


< = Probe for network trouble spots (dropped packets, queue 
« exhaustion, ingress/egress interference, CPU use). 


¥ = Determine whether you need to add redundant power supplies 
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Satellite Radio Operators 
Claim Wireless Interference 


Start-ups ask FCC to restrict emissions 
from Wi-Fi networks, Bluetooth devices 


BY BOB BREWIN 


WO START-UP satel- | 


lite radio opera- 

tors are asking the 

Federal Commu- 

nications Com- 

mission to sharply limit emis- 

from wireless LANs, 

Bluetooth short-range wireless 

devices and fixed wireless sys- 

tems that operate in an unli- 

censed band adjacent to the 
spectrum they have licensed. 

The rival radio ventures — 

New York-based Sirius Satel- 

lite Radio Inc. and Washing- 


sions 


ton-based XM Satellite Radio | 


Inc. — argue that the FCC’s 
rules are designed to prevent 





unlicensed systems from inter- 
fering with licensed ones. But 
wireless LAN operators con- 
tend that they don’t cause un- 
due interference. 
The confrontation 
bubbled out of regu- 
latory obscurity late 
last month, when 
FCC Chairman Michael Powell 
told attendees at the PC Forum 
2002 conference in Scottsdale, 
Ariz., that he wanted to hear 
their comments on the issue. 
Ina Jan. 23 filing, Sirius asked 
the FCC to restrict the power 
of unlicensed wireless systems 
operating in the 2.4-GHz band. 
Sirius said in its petition that 


Campbell Looks to Link 


Applications 0 


New portal eyed as 
single source of 


data for end users | 


BY JENNIFER DISABATINO 
Campbell Soup Co. has a mul- 


titude of intranet sites from 


which its sales force and other | 


employees can get informa- 


tion, but many of them are nev- | 
er used. Joe Brand is trying to | 


change that. 

Brand, director of enterprise 
architecture at the Camden, 
NJ.-based food 


Web-based corporate 
that’s designed to eventually 
serve as a single source of data 
for employees at Campbell’s op- 
erations around the world and 
some of its business partners. 


n Intranet 





company, is | 
overseeing the creation of a 
portal | 





lot mode now and is scheduled 
to go live May 18. Brand said 
the initial version will feature 
typical portal fodder: human | 
resources applications. | 
But Brand added that the 
portal, which is based on IBM 
software and is being devel- 
oped through an IT services 
contract with IBM, has an in- 
frastructure that should let 
Campbell rapidly bring its oth- 
er applications and databases | 
online. 





| Increased Productivity 


The next applications to be | 
tied to the portal will be sales | 
force automation tools. Camp- 
bell also plans to add business | 
processes, such as its online | 
procurement activities. 

Brand wouldn't disclose the | 
cost of the project. But he said 


company officials expect the | 
The portal is being run in pi- | 


portal to increase productivity 


out-of-band emissions 
devices such as 802.11b Wi-Fi 
LANs “seriously 
threatened” deployment of the 
fee-based radio systems that it 


wireless 


and XM have spent a total of $3 | 


billion to develop. 

The alleged 
problems with the 2.3-GHz 
band used by the ra- 


dio operators could | 


be resolved by in- 
stalling filtering 


technology on Wi-Fi | 


and Bluetooth devices, Sirius 


| claimed. An XM spokesman 
| agreed, 


saying that filters 
could be added by wireless de- 
vice makers at “a modest cost.” 

But Guy Hamblen, a manag- 


er in the wireless telecommu- | 


nications group at United Par- 
Service Inc. in Atlanta, 
characterized the Sirius peti- 


cel 


Details about IBM’s new 
corporate portal offering: 


ia Mis eee Ss 


@ WebSphere portal and applica- 
tion server software 


= Lotus Domino, Sametime and 
QuickPlace applications 


tools 


= DB2 Universal Database 


Wi Ss SS 


= Consolidation of multiple 
intranets into a single portal 


@ Employee and customer self- 
service applications 


# Online collaboration and 
increased mobile support 


| 
| 
i 
| 
8 Tivoli security management i 
| 
i 
| 
} 
i 
| 


@ Web-based corporate training 


by reducing the amount 
time employees spend search- 
ing for information. 


of 


ing and collaboration tools de- 


from | 


interference | 








tion as a case of “asking for the 
moon and negotiating down 
from there.” UPS is in 
process of deploying some of 
the world’s largest wireless 
LAN and Bluetooth networks. 
Hamblen said any potential 
interference between Wi-Fi 
devices and satellite radios is 
close to immeasurable. “At a 


distance of anything more than 
| 


100 feet, the interference is in- 
finitesimal,” he said. But Blue- 
tooth systems that link cord- 
less headsets and cell phones 
in cars that are equipped with 
satellite radios may be a bigger 
concern, Hamblen said. 

If approved, the Sirius peti- 
tion would “severely hinder” 
users of the unlicensed spec- 
trum, said Andrew Kreig, pres- 
ident of the Wireless Commu- 


nications Association Interna- | 


| ware Group, plus other IBM 


technologies. IBM announced 
late last month that Campbell 
was the first customer of a new 
Dynamic Workplaces IT ser- 
vices offering that utilizes the 
various products (see chart). 
Campbell was already using 
Lotus Notes, but Brand said 


| that wasn’t the key to its deci- 
| sion to go with IBM on the por- 


tal project. He said the big sell- 


| ing point was IBM’s plan to add 
| support for Java 2 Enterprise 
Edition in new versions of Lo- | 
} tus’ products, a strategy that 
| was announced in January. 


“We wanted a development 
platform that adhered to in- 


dustry standards,” Brand said. 


Portals such as the one at 


consultant and a director of 
the messaging forum at The 


| Open Group in Menlo Park, 
| Calif. “You have to define per- 

The portal includes e-mail, | 
conferencing, instant messag- | 
| Reporter Todd R. Weiss 
veloped by IBM’s Lotus Soft- | 


missions and rules,” she said. D 


contributed to this report. 


the | 





| Campbell have to be able to se- | 
| curely manage end-user iden- | 
| tities within a directory, said 

Michele Rubenstein, a security 
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tional, a Washington-based 
trade group that represents 
fixed wireless companies. He 
predicted a “battle royal” over 
the issue before the FCC. 
Michael Murphy, director of 
support services at the Carlson 
Hospitality division of Min- 
neapolis-based Carlson Com- 
panies Inc., said the spectrum 
battle is low on his list of wire- 
less LAN priorities. “I have a lot 
of other things I need to focus 
on, like security and encryp- 
tion,” Murphy said, noting that 
the tiff won’t affect ongoing 
wireless projects at Carlson. D 


Satellite Radio 
Irks Broadband 


Companies 


While satellite radio operators 
are complaining about Wi-Fi 
and Bluetooth systems, several 
wireless broadband service 
providers last month filed 
claims with the FCC charging 
that their networks are being 
interfered with by the radio sys- 
tems, particularly those run by 
XM Satellite Radio. 

The broadband suppliers 
told the FCC that terrestrial re- 
peaters operated by the satel- 
lite radio companies will cause 
“devastating” interference to 
their own operations within the 
2.3-GHz band. The claims were 
filed by WorldCom Inc., Bell- 
South Corp., BeamReach Net- 
works Inc. and the Wireless 
Communications Association 
International trade group. 

XM Satellite operates about 
900 terrestrial repeaters, while 
Sirius Satellite Radio currently 
has about 100 of the devices, 
which are designed to fill cov- 
erage gaps in their services 
within U.S. cities. The FCC has 
allowed the repeaters to be 
used on a temporary basis. 

An XM spokesman said the 
company could resolve any in- 
terference problems with wire- 
less broadband systems by 
adopting filtering technology, 
much as it has suggested wire- 
less LAN manufacturers do to 
prevent their systems from in- 
terfering with satellite radio re- 
ceivers. 

- Bob Brewin 


a | 
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HP Blade servers are here. 
The most flexible way to 
manage your infrastructure. 


Radical simplicity. Extraordinary flexibility. HP Blade servers are about 
to forever change the way you look at, manage and, yes, even maneuver 
through your data center. 

They are complete, ultra-dense servers on single modular cards— including A Detach blades below ond 
processor, memory and all network connections—that come with a choice of a: Reconfigure 
Linux, Windows” or HP-UX. 

Easier to manage and maintain. 

This elegant, standards-based design allows you to easily combine server, 
storage, networking, appliance and management blades in the same 38-slot 
chassis, then reconfigure on the fly to handle expanding or contracting workloads. 

Each blade connects to the network infrastructure already embedded in the 
chassis, dramatically cutting the number of cables needed. With far fewer cables 
to fuss with, they're far easier to manage and maintain than conventional servers. 

Even management is shared. Which means all 38 blades can be viewed and 
monitored as a single system. 
More efficient and reliable. 
Since all blades in the chassis share the same power and cooling source, 


they're also more energy and space efficient. In fact, you'll find HP Blade servers 


server blades 





place them in these slots. 
as needed. 


reduce the typical number of fans and power supplies 
required by as much as 60%. 

The reliability advantages of moving to blades 
are profound. To give you some perspective, imagine 
building a server cluster solution that is comparable to 
a fully loaded HP Blade server cabinet. The projected 
annual failure rate of the HP Blade server solution is 

about 41% lower than that of the comparable server cluster. 

In the unlikely event that a blade should fail, the problem is isolated in the 
same way that multiple systems connected by I/O are isolated from each other. 

Is your server as sharp as a blade? 

Servicing a blade is as easy as deploying one. Each blade is freely accessible 
from both the front and rear of the cabinet and can thus be replaced at a moment's 
notice. Each slot can be powered on or off separately. Hot-swap and hotplug 
technology is implemented throughout, allowing for the seamless addition or 
replacement of blades while the rest of your infrastructure continues to hum. 


We invite you to read our technical white paper on HP Blade servers. 


Or, better yet, talk directly with one of our infrastructure specialists to find 


out more about how HP Blade servers can change the 


face of your business. Give us a call at 1.800.HPASKME, 3 
extension 246. Or visit www.hp.com/go/infrastructure. Ci} 


Infrastructure: it starts with you. 


network blades management blades 








HP Names Execs to 
Postmerger Roles 


Hewlett-Packard Co. named 150 ex- 
ecutives to handle senior manage- 
ment jobs if its proposed acquisition 
of Compag Computer Corp. occurs. 
HP, which is awaiting formal ap- 
proval of the deal by its sharehold- 
ers following a vote last month, said 
the appointments would include 
business and sales executives from 
its operations and those of Compaq. 


WorldCom Cuts Jobs 


At Corporate Unit 


WorldCom Inc. said it’s laying off 
6% of the workers at its WorldCom 
Group unit, which offers data, In- 
ternet and voice communication 
services to corporate users. The 
3,700-person cutback is being done 
to better align costs with a reduced 
revenue outlook that was announced 
in February, WorldCom said. The 
layoffs reduce the company’s total 
workforce by 4%. 


Microsoft Asks Judge 


To Reconsider Ruling 


Microsoft Corp. asked a U.S. District 
Court judge in Seattle to reconsider 
a March 15 ruling that allows San 
Diego-based Lindows.com Inc. to 
continue selling its Lindows operat- 
ing system. Microsoft, which is suing 


Lindows.com for allegedly infringing | 


on its copyrights, said the judge 
asked the wrong questions while 
considering its injunction request. 


Short Takes 


AT&T CORP. and London-based 
BRITISH TELECOMMUNICATIONS 
PLC completed the dissolution of 
their CONCERT COMMUNICATIONS 
CO. joint venture and took back 
individual control of its assets. . . . 
In a stock-swap deal, New York- 
based security consulting firm 
KROLL INC. agreed to buy ON- 
TRACK DATA INTERNATIONAL INC., 
an Eden Prairie, Minn.-based maker 
of data recovery software. 





Low IT Budgets Hurting 
Many Software Vendors 


Parade of companies says first-quarter 
results will be below expectations 


| BY TODD R. WEISS 


HE RECESSION may 
be showing signs 
of ending in the 
U.S., but the eco- 
nomic recovery is- 
n’t coming fast enough for 
many software vendors. Nearly 
a dozen firms last week warned 
that their first-quarter finan- 
cial results will be lower than 


expected due to continued lim- | 


its on IT spending. 


Vendors such as Pleasanton, | 
Inc.; | 


Calif.-based PeopleSoft 
Dallas-based i2 Technologies 
Inc.; Redwood City, 
based BroadVision Inc.; and 
Commerce One Inc., also in 
Pleasanton, all said they had 
sales shortfalls during the quar- 
ter ended March 31. Many cor- 


| porate users remain cautious 


about investing in new soft- 


| ware, the vendors said. 


For example, Commerce One 


disclosed that it sold only 


about $8 million worth of its | 
| business-to-business applica- 


tions in the quarter. San Mateo, 
Calif.-based E.piphany Inc. said 
a user that late last year signed 
the largest contract in the cus- 
tomer relationship manage- 
ment (CRM) software vendor’s 
history notified it during the 
first quarter that the project 
was being rethought. 

Albert Pang, an an- 


| alyst at IDC, a Fram- 
| ingham, Mass.-based 
research firm, said 
| new applications — even those 
| that offer potential business | 


paybacks to users — have be- 


come a much harder sell be- | 
cause of the tight IT budgets at | 
| many companies. 


“We've seen a fundamental 


| shift among the customers,” 


Pang said. “They want to see 
quicker benefits and faster im- 
plementations and lower cost 
of ownership.” 

According to a survey of 


Calif.- | 








approximately 900 companies 
worldwide that was released 
last month by Forrester Re- 
search Inc. in 
Mass., a majority of the re- 
spondents said they have no 


| interest in buying either CRM | 
or supply chain management | 


software this year (see chart). 


Hard Times to Continue 


ing their IT spending and fo- 
cusing on infrastructure tech- 
nologies such as networking 


| Revenue drop forces 


layoffs, site closings 
BY TODD R. WEISS 
Stung by a continuing drop-off 
in revenue, mainframe soft- 
ware and services vendor 
Compuware Corp. last week 
announced that it’s 
laying off an undis- 
closed number of 
workers and closing 
some of its IT ser- 
vices offices as part of a plan to 
shed unprofitable operations. 
Like many other vendors 
(see story above), Compuware 


warned that business in the 
| quarter ended March 31 was | 


below expectations. The Farm- 


| ington Hills, Mich.-based com- 


pany said it expects to report 
fourth-quarter revenue of ap- 
proximately $400 million, more 
than 20% below the year-earli- 
er level of $514.5 million. 


Cambridge, | 








equipment and information se- 
curity tools, she said. As a re- 
sult, Orlov added, Forrester ex- 
pects hard times to continue 
for application vendors at least 
through the end of this year. 

“I think everybody’s getting 
killed out there,” said John 
Chen, chairman, CEO and pres- 
ident of Dublin, Calif.-based 
Sybase Inc. “It’s a really tough 
environment.” 

Sybase, a vendor of databas- 
es, mobile software and inte- 
gration tools, said it expects to 


| meet the pro forma earnings 

“We think the economy is a | 
major factor here,” said For- | 
rester analyst Laurie Orlov. | 
Many companies are restrict- | 


projection it made during the 
first quarter. But the company 
met those earnings because of 
cost-cutting, not strong sales, 
Chen said. 

First-quarter revenue will 
likely total about $210 million, 


Compuware Moves to Cut 
‘Back Services Operations 


Software license sales and 
professional services revenue 


both fell sharply on a year-to- | 


year basis. But Compuware 
said the layoffs and office clos- 
ings will primarily affect IT 
services workers and employ- 
ees who support those workers. 

Compuware has about 12,000 
workers and 110 offices world- 
wide. The company said it 


Damage Control | 


Key details about Compu- 
ware’s planned cutbacks: 
WHY IT’S HAPPENING: Compu- 
ware said that some of its IT services 
operations haven't been profitabie, 
and the situation isn't expected to 
change in the near future. 


HOW IT WILL AFFECT USERS: 
That's unclear. Compuware wouldn't 
say how many workers will be laid off 
or disclose the offices that will be 
downsized or closed. 


| smaller software 
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No Thanks 


Are you interested in buying 
CRM or supply chain soft- 
ware this year? 


CRM 


Ba 35% 
SR SERE 53% 


12% 
SUPPLY CHAIN 


He 22% 
DRE 61% 
817% 


@ POTENTIALLY INTERESTED 
@ NOT INTERESTED 
@ UNSURE 


2 Base: 874 companies worldwide 


| Sybase said. That would be 8% 


less than the consensus esti- 
mate of $228 million from Wall 
Street analysts who were sur- 
veyed by Boston-based First 
Call/Thomson Financial. D 


won't divulge the number of 
employees it will lay off or 


| identify the offices due to be 
| scaled back or closed until the 


affected workers have been no- 
tified. The cutbacks are ex- 
pected to be completed within 
about two weeks in North 
America but will take longer in 
Europe because of the labor 
laws there. 

Peter Karmanos Jr., Com- 
puware’s chairman and CEO, 
said in a statement that the 
company will honor all IT ser- 
vices contracts to which em- 
ployees have been assigned. 
Workers in offices that are be- 
ing closed will be given incen- 
tives to stay until they finish 
projects for users, he said. 

David Floyer, an analyst at 
ITCentrix Inc. in Mountain 
View, Calif., said many users 
don’t need as much main- 
frame-related services help as 
they used to. He added that 
Compuware previously grew 
its revenue by snapping up 
vendors, a 
strategy that doesn’t work now. 

“The way they grew in the 
past was through acquisitions, 
and there’s nothing to acquire 


anymore,” Floyer said. D 





Word on the Street: 
Migrate to Linux. 


On Wall Street, technology performance means money. That’s why Red Hat® Linux® 


and Compag ProLiant™ servers quietly power many of the world’s top financial firms. 


No wonder. Linux is open source. You can see the code. You stay in control. 


And you won't get trapped again by proprietary technology. 


Red Hat Linux Advanced Server is the enterprise platform for UNIX to Linux 
migration. Scalable performance. Stabilized releases. Support from top software 


vendors you already use. 


Red Hat and Compaq — enterprise-ready, no matter what street you're on. 


Go to www.redhat.com/explore/thestreet 


COMPAG Sy redhat 


1-866-2REDHAT #4 








MARYFRAN JOHNSON 


Web Adolescence 


S ANY PARENT who has survived it 

will tell you, adolescence is a balanc- 

ing act between tantalizing potential 

and nerve-racking risk. So it’s a mixed 

blessing that the Web is now arriving 
at its own riveting version of this stage. 


On the potential side, 
there persists a profound 
belief that the Web holds 
the power to change the 
future of business. On the 
risk side, however, there 
will inevitably be awk- 
ward growth spurts and 
spectacular screw-ups. So 
what are some of the 
lessons corporate IT and 
business can learn as the 
immature Web finds its 
way to adulthood? Here 
are three to consider: 

Lesson No. 1: Practice discretion. (Re- 
vealing too much means regretting it later.) 


Our cover story last week, “Guard- 


ing the Online Gates,” begins with a 
compelling anecdote about the chief 
of security from now-bankrupt Exo- 
dus Communications arriving at a 
meeting with 700 pages of competi- 
tive intelligence on Cable & Wire- 
less, which was acquiring Exodus 
assets. Surprise! 

Unbeknownst to many organiza- 
tions, their own Web sites have 
evolved into gold mines for competi- 
tors. Companies are posting every- 
thing from floor plans and manufac- 
turing processes to details about net- 
work infrastructure and employee 
travel schedules. Even if online dis- 
cretion isn’t a problem for your firm, 
it may be for one of your partners or 
suppliers. 

Experts advise that before compa- 
ny content goes up online, a review 
team from the legal, human re- 
sources, marketing, IT and business 
units should approve it. (Well, that 
should ensure you'll never post any- 
thing again.) 

Lesson No. 2: Readjust to bottom-line 
realities. (There really is no free lunch.) 

There was a flurry of stories last 


MARYFRAN JOHNSON is 
editor in chief of Comput- 
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computerworld.com. 





week about the impend- 
ing demise of free e-mail 
services, as both Yahoo 
and Microsoft launched 
premium paid services 
for e-mail forwarding or 
additional storage space 
that would cost avid 
users $20 to $30 a year. 
Portal player Terra Lycos 
is also toying with paid 
e-mail services. 

Of course, as any pub- 
lisher knows, e-mail was 
never free in the first place. It was 
advertiser-supported in the hope 
that millions of eyeballs would mean 
millions of transactions. Wrong. Ad- 


| vertisers are now curled up in fetal 


positions, waiting for the economy 
to improve. Analysts say it will take 
years for fee-based e-mail to catch 


| on because of consumer resistance 

| to paying for a “free service.” Wrong 
| again. People will pay for what they 
| value — although it certainly won't 





be six different e-mail addresses. 

Lesson No. 3: Avoid magical thinking. 
(Bad things don’t disappear when you ig- 
nore them.) 

Many businesses seem determined 
to overlook unpleasant realities, such 
as the burgeoning threat of viruses, 
worms and Trojan horses. As we re- 
ported in our Future Watch feature 
last week (“Malware’s Destructive 
Appetite Grows”), the problem is es- 
calating. In 1998, there were 262 
known vulnerabilities in all operat- 
ing systems and 40,000 known virus- 
es. Today, there are 10 times the op- 
erating system vulnerabilities and 
59,000 viruses, according to the 
CERT Coordination Center and 
TruSecure Corp. They’re multiplying 
faster, propagating more efficiently 
and attacking networks much more 
effectively. 

The next frontier for rogue soft- 
ware will get even more personal: in- 
vading our cell phones and PDAs. 
Security experts are predicting a ma- 
jor outage of at least one nationwide 
service within the next five years, 
and it probably won’t take that long. 

One comforting thought is that 
adolescence mercifully passes. The 


Web will mature, and we will look 


back on these difficult years and say, 
“That wasn’t so bad, was it?” D 
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PIMM FOX 


No Wires, 
No Security, 
No Solution 


PRING IS IN THE AIR, and 

so is your vital network 

data. The explosion of 
wireless networks — at home 


and in the office — using 
802.11 standards has been a boon to 
laptop makers and users who dislike 
being tethered to LANs. 

A trip to an airport, conference 
room or cafeteria confirms that wire- 
less LANs are a common feature of the 
IT landscape. The trouble is, hackers 
are making the same trip. Dubbed “war 
drives,” they 
travel in cars 
armed with a 
laptop, antenna, 
free download- 
able software 
and a little bit of 
knowledge, aim- 
ing to discover 
wireless access 
points. 

Chris O’Fer- 
rell, CTO at 
Herndon, Va.- 
based Netsec, 
recently took a drive around Capitol 
Hill in Washington and located more 
than 100 access points, including many 
from the government. Luckily for 
those IT administrators, O’Ferrell is a 


Pimm FOX is Computer- 
world’s West Coast 
bureau chief. Contact 
him at pimm_fox@ 
computerwortd.com. 


| security expert whose company this 


summer is coming out with a device to 
detect wireless network intrusions. 

But one device isn’t the complete an- 
swer to the Herculean task of securing 
wireless access points. You need strict 
policies for wireless security. 

No more wireless couch-potato net- 
works with the company’s laptop. A 
sweep of a bedroom community in the 
evening reveals how easy it is to get 
the Service Set Identification (SSID), 
which, when inserted into the wireless 
network card configuration, permits 
network log-ins. Better to turn off 
SSID broadcasting. 

Most Dynamic Host Configuration 
Protocol (DHCP) servers automatical- 
ly assign IP addresses for a network — 


rife 
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so consider disabling DHCP and go 
with static IP addresses. At the very 
least, according to O’Ferrell, you can 
then prove malicious intent, because a 
hacker would have had to manually 
configure an IP address to enter the 
network. Static IP addresses are a pain, 
but they’re more secure. 

Do regular intrusion sweeps of your 
wireless network to see if you can hack 
your own network. And do them at 
lunch, when the executive conference 
rooms are used or when workers are 
outside with their machines. The sig- 
nal strength of wireless networks varies 
from 300 to 2,000 ft., so don’t assume 
someone in the parking lot is too far 
away to slip inside your network. 

Enable Wired Equivalent Privacy, 
but recognize that it isn’t activated by 
default — you have to configure the 
client and the access point to make it 
operational. 

Use Media Access Control-layer fil 
tering, but don’t rely on it, because 
MAC addresses are in the open when 
transmitted and can be spoofed. 

Don't put the access point on an 
internal network, and make sure your 
virtual private network gateway is 
inside the firewall. 

Finally, design a security plan before 
implementing a wireless network; oth- 
erwise, this spring could easily turn 
into a winter of discontent. D 


DAVID MOSCHELLA 


IT Industry 
‘Takes It On 
The Chin 


HESE DAYS, I’m almost 

afraid to open the news- 

paper. Has there ever 
been a more embarrassing 
time to be in the IT business? 
It’s bad enough that budgets are tight 
and technology stocks are in the 
dumps, but consider what’s happening 
with some of the biggest — and theo- 
retically most respected — companies 
in the industry. 

1. Even now that the HP/Compaq 


vote has been taken, the story just won't | 


go away. The counts and recounts may 
take longer than the presidential elec- 
tion in Florida, and now Walter Hewlett 
is taking the whole thing to court, es- 
sentially accusing HP of buying votes. 
Has there ever been such sustained and 
personal mudslinging within such a 


NEWS) 


once-admired company? And 
it’s hard to avoid wondering 
if the antimerger forces 
would have been quite so 
fierce were the CEO of an- 


| other gender. Then again, I 
| also think the merger is a ter- 


rible idea. 

2. Can you think of a more 
absurd suit than America 
Online using its Netscape 
division to sue Microsoft? 
AOL decided to buy 
Netscape in November 1998, 


DAVID MOSCHELLA 
is an author and 
independent consul- 
tant. Contact him at 


dmoschella@earthlink.net. 
| 


| and since then has done ab- 


solutely nothing to promote the Navi- 


| gator browser. 


If AOL had simply converted its own 
base from Explorer to Navigator, 


| browser competition today would be 


alive and well. A trial would almost be 
worth it, just so AOL would have to 


explain this in public. 


3. Sun’s suit against Microsoft isn’t a 
whole lot better. Even a clever talker 
like Scott McNealy can’t find it easy to 


| explain how: a) Java is the clear global 
| standard and will soon be in your toast- 


er, and b) Microsoft should 
pay Sun for the irrevocable 
harm it has inflicted upon 
Java. If anything, Micro- 
soft’s dominant position 
and high-handed tactics are 
among the main reasons 
the rest of the industry 
accepted Java in the first 
place. 

Oh well, at least Scott 
is entertaining, with seem- 
ingly a good line for every 
occasion. 

4. Of course, Microsoft is 
hardly a figure of sympathy. The com- 
pany remains unrepentant and seems 
as determined as ever to wield its pow- 
er. In recent days, Red Hat, Palm, Gate- 
way, Novell and others have all come 
forward and complained that Micro- 
soft continues to abuse its monopoly 
position. 

And although these companies 
clearly have their own axes to grind, 
it’s telling that Microsoft can’t put for- 
ward anyone to say that its practices 
have changed in keeping with the spir- 


it of the proposed Justice Department 
settlement. 

5. Things only get worse in the dot- 
com and telecommunications worlds. 
Fortunately, most people incorrectly 


| see Enron as a Texas energy company, 


not the once-signature business-to- 


| business exchange. But is there any 
| doubt that the alleged Global Cross- 


ing/Qwest “I'll pay you; you pay me” 
revenue shell game was rampant 
through many parts of the dot-com 
industry? You know there will be more 


| of this to come. 


| 
| 
| 


6. Then there are the daily thorns of 
executive privilege and greed. World- 
Com gives Bernie Ebbers a nice little 


| $340 million loan; failed executives 


walk away with millions, while their 


| employees get shown the door; the big 
| bonuses keep flowing, even as compa- 


nies don’t perform. 

Perhaps most scarily, stock options, 
the golden goose of the IT industry, are 
now under sustained attack, to who 
knows what end. 

Let me know if you hear any good 
news. I’m sure we could all use it. D 


"Blame the Customer 


FOUND THE thoughts of 

CA President and CEO 

Sanjay Kumar enlighten- 
ing [“CA Confronts User 
Anger, Reveals Web Portal 
Plan,” Page One, March 4]. I 
learned that the cause of 
combative customer rela- 
tionships is acquisitions and 
subsequent restructuring. I 
was relieved to find that it’s 
still the customer’s fault and 
not a problem with CA’s 
corporate culture, policies, 
attitudes and procedures. 
Bob Randolph 
President 
Alpha Professional Services Inc 
Philpot, Ky 


Behind Spaghetti Code 


ENJOYED THE article 

“Mainframe Skills, Pay at 

a Premium” [Page One, 
March 4]. However, it’s al- 
most impossible to get a | 
true Cobol mainframer a job | 


| because companies are try- 


ing to cut corners and hire 


| only those who can also 


write in other languages. 
But these programmers love | 


to use negative “if” state- 
ments, causing abends and 
giving us spaghetti code like 
we had in the 1970s when 
assembler programmers 
learned Cobol. I have tried 
to learn C, Unix and Visual 
Basic, but my expertise al- 
ways puts me on a Cobol 
job, so I lack experience in 
them. 

William M. Vasquez 

Senior programmer/analyst 
Joliet, Ill 

bvasq@allstate.com 


A QA Lesson From Enron 


NE MAJOR lesson 

emerging from the 

Enron debacle is the 
need to avoid having the 


provided by the software 
vendor to fault the vendor 
on inadequate configuration 
management or poorly exe- 
cuted software testing? Will 
a reviewer from a vendor’s 
implementation partner risk 
a $15 million consulting con- 
tract by pointing out ina 
$40,000 QA report that the 
project is behind schedule 
or that scope creep is threat- 


| ening to drive up the project 


cost? 

M. Glenn Newkirk 

President, InfoSentry Services Inc 
Raleigh, N.C. 
glenn_newkirk@infosentry.com 


| Suspect Privacy Policies 


same firm carry out consult- | 


ing and auditing activities 
(“Enron Lesson: Tech Is for 
Support,” Page One, Feb. 18]. 
A closely related point for 
the IT community is to 
avoid having your software 
vendor (and its implementa- 
tion partner) carry out the 
primary quality assurance 
reviews of IT implementa- 
tion projects. Is it realistic 
to expect a QA reviewer 


| 


| 


N THE MARCH 4 article 

“Corporate Privacy Cred- 

ibility Crumbles” [News], 
you say Procter & Gamble is 
trying to reinforce consumer 
confidence “by implement- 
ing a plain-language privacy 
policy [and] privacy seal 
certification.” So what? Have 
people forgotten that eToys 
had a plain-language privacy 
policy that was certified by 
Truste? As soon as eToys hit 
a rough spot, it started 


hawking its customer lists 
and customers’ personal 
information to prospective 
buyers. Only a public outcry 
stopped it from doing this. 
A privacy seal may certify 
what a company’s privacy 
policy is now, but these poli- 
cies are subject to change. 
Once your information is in 
their hands, if they change 
their minds about sharing it, 
there’s not much you can do 
about it. This means that 
privacy policies and certifi- 
cation seals are worthless. 
Daniel P.B. Smith 

Norwood, Mass 


COMPUTERWORLD welcomes 
comments from its readers. Letters 
will be edited for brevity and clarity. 
They should be addressed to Jamie 
Eckle, letters editor, Computerworld, 


| PO Box 9171, 500 Old Connecticut 


Path, Framingham, Mass. 01701 

Fax: (508) 879-4843. Internet 
letters@computerworld.com. Include 
an address and phone number for 


| immediate verification. 


| Quic 


For more letters 
on these and other 
topics, visit our 
Web site: 


| www.computerworld.com/q?q5000 





Gateway® Security Audit’ 
Don’t let your business investment go unprotected. The 
findings from the Gateway Security Audit will be the first 
step to uncovering potential problems of your company’s 
security, and can aid in protecting your entire technology 
environment, Services include: 
* Identification of Current Security Problems 

and Potential Issues 
* Detailed Custom Report Specific to Your 

Technology Environment 
* Prioritized List of Recommendations 
¢ General Security Advice 


with the purchase of any Gateway Server. 
S489 F REE Offer ends June 30, 2002. 


Gateway 910C Server 
Value-priced Business Server 
* Intel® Celeron® Processor 1.20GHz 
with 256K Full Speed L2 Cache 
128MB PC133 ECC SDRAM (Expandable to 2GB) 
20GB ATA100 5,400RPM IDE Hard Drive 
64-Bit PCI /O Technology 
‘ 3.5" Diskette and 48X IDE CD-ROM Drives 
(. O Oo d B u S in e S S S tra tegy « Integrated Graphics with 4MB SDRAM 
Integrated Dual Channel ATA100 IDE Interface 
Integrated Intel® PCI 10/100 Twisted Pair Ethernet 


S e cu r e Yo u r I n fo rm a tio n 3 HP* OpenView™ ManageX Event Manager 


1-Year On-Site Limited Warranty* 


Starting at $499 


Internet access has changed the way your business has to protect itself. $25 per mo. for 

tel 24 mos. business lease’ 
. 17 * 

Gateway has the technology solutions to help keep your information secure. We in ide 


offer security audits, physical access solutions and network protection options. 
A Gateway Network Solution Provider can come on-site to assess your 


security needs, provide you with a detailed report and make recommendations. Along with anti- Gateway 500L Business Desktop 
Mainstream Office System 

virus software, tape backup products and surge protectors to safeguard your data, Gateway offers * Intel® Pentium® 4 Processor 1.60GHz 
* 128MB DDR SDRAM 

a full range of robust business desktops, versatile notebooks and reliable servers. All are powered * 15" Color Monitor (13.8" Viewable) 

; : * 32MB NVIDIA” GeForce2 MX°200 AGP Graphics 

by Intel” processors, including the latest Intel Pentium 4 processor. 20GB Ultra ATA Hard Drive 

48X CD-ROM Drive 

Integrated 10/100 Ethernet 

Microsoft Works Suite 2002’ Software 

Microsoft” Windows" XP Professional 

1-Year On-Site Limited Warranty* 


$799 


You have a lot invested in your business, thankfully there’s something you can do to protect . ss 
j ) 5) $40 per mo. for 


For a limited time only, purchase any Gateway 910, 930 or 935 Series server and you'll receive 
a business Security Audit at no additional charge: That’s added protection and a reliable server 
for the price of a PC. 


: ; 24 mos. business lease’ 
that investment. And Gateway makes it affordable. Call us today. 


Gateway” PCs use genuine Windows” Operating Systems 


http://www.microsoft.com/piracy/howtotell 


Come into your 
local Gateway® store. 


| 


gateway.com 


I t Send your product tc 
location. On-site service excludes mice, k 
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SECURITY SENTINELS 


A handful of 
women, includ- 
ing Georgetown 
University pro- 
fessor Dorothy 
Denning (left), 
have overcome 
personal and 
professional 
obstacles to help set IT security 
policies used by the public and 
private sectors. PAGE 34 


CERTIFICATION STYMIE 


Microsoft’s changing requirements 
are leading some IT workers to 
question the value of their Win- 
dows NT 4.0 certificates and re- 
consider their options. PAGE 36 


PORTAL PICKLE 


Although an increasing number of 
companies are tapping enterprise 
portals to improve information 
sharing with employees, customers 
and business partners, only a hand- 
ful of organizations are tracking 
the returns that these gateways can 
provide. PAGE 38 


GUIDING GREENHORNS 


There are simple steps that experi- 
enced supervisors can take to pre- 
vent rookie managers from stum- 
bling out of the gates, says manage- 
ment consultant Carol A. Walker, 
who wrote an article about the sub- 
ject in this month’s Harvard Busi- 


ness Review. PAGE 40 


CAREER ADVISER 


Fran Quittel counsels an unem- 

ployed network support technician 
and a Unix programmer who hopes 
to break into bioinformatics. PAGE 42 


BUSINESS 


BART PERKINS 


After the Purchase 


F YOU WANT your IT organization to be successful, you must be 
effective at managing your suppliers. Research conducted by my 
firm indicates that a typical Fortune 500 company spends more 


than 60% of its IT budget on external suppliers such as vendors 


and consultants. 


An IT executive at an airline recently said 60% was 
far too high. He estimated that no more than 35% to 
40% of his budget went outside the company. But he 
later realized that he hadn’t included the costs of his 
company’s airline reservation system, frequent flyer 
program and yield management system, all of which 
were joint ventures. His revised estimate: 80% to 85% 
of all IT spending goes to external suppliers. 

Don’t find that alarming. Current trends indicate 
that even more IT dollars will be directed to external 
spending in the future: 

@ Outsourcing of IT infrastructure is increasing. 
Few IT departments have the capacity to develop 
and manage complex infrastructures, including serv- 
er centers, networks and desktops. An outsourcer 
that specializes in providing infrastructure can usual- 
ly offer better levels of service for less money. 

wg Off-the-shelf packages continue to replace cus- 
tom applications. The quality of available packages 
has increased so dramatically that it’s rarely cost- 
effective to develop homegrown applications unless 
they truly provide a competitive advantage. 

@ CIOs look favorably on hiring vendors to handle 
thankless jobs. Infrastructure management, for exam- 
ple, is what I call a tie-lose job; few CEOs stop by to 
say, “Great job keeping the servers up.” 

@ Corporations realize that their com- 
petitive advantages stem from their core 
competencies, so business process out- 
sourcing of noncore competencies is be- 
coming more prevalent. Accounts payable, 
for example, rarely provides competitive 
advantage, so it’s often prudent to out- 
source all of it. 

IT can also make its external spending 
more effective by addressing the following 
key supplier management issues: 

w Create target cost reductions. Consolidate 
your supplier portfolio, standardize your 
buying processes and improve your con- 
tract negotiation tactics to reduce spending 
on significant portions of the budget. 

@ Align buying decisions with your IT architec- 
ture. Many buying decisions today are dri- 


BART PERKINS is manag- 
ing partner at Leverage 
Partners Inc. in 
Louisville, Ky., which 
helps ClOs manage their | 
IT suppliers. He’s the for- 
mer CIO at Tricon Global | 
Restaurants Inc. and at 
Dole Food Co. Contact 
him at BartPerkins® 


ven by individual project needs without considering 
implications to architecture. In the case of one of my 
clients, buying against the architecture would have 
prevented the unnecessary complexity — and costs 
— of having eight database management systems, six 
e-mail systems and 15 desktop hardware platforms. 

w Develop an exit strategy for every critical supplier. When 
a contract comes up for renewal, have a plan for 
changing suppliers and minimizing the associated 
switching costs. A company without a Plan B is often 
held hostage by ruthless suppliers during contract 
renegotiations. In difficult economic times, it’s also 
prudent to have a contingency plan for disasters; if 
your supplier goes bankrupt, you must be able to re- 
cover as quickly and seamlessly as possible. 

w Understand the total cost of outsourcing. If you out- 
source, you must continuously manage the supplier. 
That promotes understanding and allows small prob- 
lems to be resolved before they grow. This takes time, 
money and a staff with the right skills, so don’t cut 
costs there. Invest in developing project and program 
management skills among your staff. 

w Invest in win-win relationships with critical suppliers. 
Win-win is the only way to sustain a buyer-seller 
relationship. If you squeeze your suppliers so much 
that they can’t make a profit (or worse, go 
out of business) you have created a lose- 
lose situation. Being forced to replace a 
supplier unexpectedly can cause more 
headaches and expenses than dealing effec- 
tively with the one you have. 

In a sluggish economy, it’s important for 
IT to show fiscal discipline and provide a 
good return on all its spending. Effective 
supplier management is one of the best 
ways to leverage your spending and boost 
the success of your IT organization. D 


EDITOR’S NOTE: Perkins, a former CIO who now 
helps his onetime peers manage IT vendors and 
suppliers, will write in this space on the second 
week of every month. His column replaces Joe 
Auer’s “Driving the Deal.” 





Introducing Fujitsu Consulting—a partner who shares your vision 


In times like these, you can't afford to work with a consultant who’s single-minded. 
You need a company that understands the true meaning of collaboration. At Fujitsu 
Consulting, we share your vision right from the start, and we never lose sight of your 
business goals throughout the process. This has always been our approach, one that 
further benefits from the expertise and resources of the entire Fujitsu group, which 
has long provided world-class IT products and platforms all over the globe 


Unique ROI-focused methodology 

As a forward-thinking global consulting organization, we utilize a unique, proven 
methodology that delivers a rapid and measurable return on your IT investment. 
It starts by focusing on the results the client expects to achieve. It then provides 

a road map through the design, implementation and operation of the solution to 
achieve the desired results. 


Industry and business-process knowledge 

Fujitsu Consulting creates tailored solutions for a variety of industries~in particular, 
communications, financial services, and government. Whether it’s core back office, 
front office or extended functions, we enable companies to better serve their customers 
and collaborate with their extended supply chain of employees, vendors and partners. 


Fujitsu Consulting—the new alternative 

In creating powerful IT solutions, we live and breathe three simple ideas: deep 
collaboration with our clients, an eye-to-eye approach, and a passion for getting the 
job done. It is the unique combination of global scope and human scale that sets us 
distinctly apart from our competitors. And, perhaps, earns us a spot on your short 
list of consulting partners. 
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THE POSSIBILITIES ARE INFINITE 


us.fujitsu.com 
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The speed at which critical national func- 
tions are being moved online increases the 
risk of vulnerability, say former CIA and 
NSA security experts in exclusive inter- 


views with Computerworld. 


] HILE cyberterrorism | 
may not be an imme- 

| diate threat, it would 
be foolish not to rec- 
| ognize that the U.S. 

| is facing a “thinking enemy” who will 

| adapt to attack our critical infrastruc- 

| tures and vulnerabilities, says Ruth 
David, former director for science and 


technology at the CIA. 
| David is now president and CEO of 
Analytic Services Inc., an independent, 
| not-for-profit, public service research 
institution in Arlington, Va. 
She and Bill Crowell, CEO of 
nae AY Santa Clara, Calif.-based secu- 
rity firm Cylink Corp. and a 
| former deputy director of the super- 
| secret National Security Agency, each 
participated in rare interviews with 
Computerworld’s Dan Verton. They 
| discussed the threats posed by cyber- 
| terrorist attacks and the steps that the 
public and private sectors should take 
to thwart them. 


There’s been speculation, even before 
| Sept. 11, about the U.S.’s vulnerability to 
an “electronic Pearl Harbor” or cyberter- 
| rorist attack. How has this changed since 
Sept. 11, and how vulnerable are the various 
| economic sectors to cyberterrorist attacks? 
David: While it is true that major ter- 
rorist attacks to date have targeted hu- 
| man lives, I would not blindly extrapo- 


late that behavior into the future. After 


| all, on Sept. 10, we would not have ex- 


pected a hijacker to turn a commercial 


| airplane full of passengers into a guid- 
| ed missile, and even on Sept. 12, we 
| did not envision exploding shoes as 


a threat to aviation. 
In the aftermath of the 9/1] attacks, 


| those adversaries almost certainly ob- 
| served the immediate effect of service 


interruptions as well as the prolonged 


| economic impact of infrastructure dis- 


ruptions. While the weapon used was 


| explosive rather than cyber, it doesn’t 


take much imagination to see that sim- 
ilar effects could be achieved through 


| cyberterrorism. 

| Crowell: Clearly, the vulnerabilities of 
| the nation to cyberattack are growing. 

| Critical national functions like bank- 


ing, financial services, health, water 


| and communications are increasingly 


dependent on highly automated sys- 


| tems that connect the many nodes of 


their operations. 
These changes in the degree to 


| which business and the government 


are dependent on public networks 
have been occurring for about a 


| decade. The disturbing thing is that all 
| of the trends are in the wrong direc- 
| tion. Business is moving more and 


more critical functions to networks. 


| The speed and complexity of the de- 


ployments make it difficult for them to 
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| employ good defenses rapidly. Diver- 
sity is decreasing as we migrate more 
to common operating systems and 

| common network systems. 


To what extent is the war on terrorism, 

| particularly the battle for improved home- 

land security, a technology problem? What 

roles do you see the government, corporate 

America and the IT vendor/developer com- 

| munity playing? 

David: Technology is only one com- 

| ponent. Without supporting policy, 

effective processes and well-trained 

people, technologies solve nothing. 

Deployment of facial recognition tech- 

| nologies at border entry points will not 

ensure apprehension of terrorists. 
Corporate America will play an in- 

creasingly important role in develop- 

ing security technologies to protect 

nongovernmental personnel and prop- 

erty that may be targeted by terrorists 

attacking what we are as a nation rather 

| than what we do as a government. 

| Crowell: The battle for improved 

| homeland security involves both tech- 

nology and processes. Technology can 

| be used to make the processes more 

| efficient, predictable and effective. 

| The Transportation Security Agen- 

| cy, {Federal Aviation Administration] 

| and Department of Transportation are 

| all looking for ways to improve [air- 
port security]. However, I am particu- 
larly concerned that many of the criti- 
cal processes are now using technolo- 
gies that are more vulnerable, not less. 
An example is the use of wireless 
LANs for the tracking of baggage. 

| Without proper encryption and au- 

thentication, the baggage handling sys- 

tem will not prevent either insider or 

outside attack. 





Some have said that the government’s push 
to create a separate and secure intranet 
| (GovNet) for sensitive government opera- 


Cyberterr 
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tions and possibly e-commerce 
is tantamount to throwing in 
the towel on Internet security. 
Are there viable alternatives 
to disconnecting from the 
Internet? 

David: To the extent that 
terrorists attack symbols 
of America, seek to shake 
the confidence of the public in our 
government's ability to protect (citi- 
zens], and/or seek to inflict economic 
damage, GovNet solves nothing, since 
many valuable cybertargets would be 
left undefended. In fact, a separate net- 
work might actually impede the home- 
land security mission since it could 
further isolate government from indus- 


growing. 


“Clearly, the vulner- 
abilities of the nation 
to cyberattack are 

~ Bill Crowell, CEO, 
Cylink and former 
deputy director, NSA 


~ BUSINESS}/\ 


try and the American pub- 
lic at a time when commu- 
nication and collaboration 
are desperately needed. 


In particular, I believe the 


absence of a coherent gov- 
ernmentwide security poli- 
cy has significantly limited 
our ability to protect sensi- 
tive government operations. 

Crowell: I think that the GovNet ini- 
tiative has been misrepresented in the 


| press. Perhaps this is because the gov- 


ernment did not carefully lay out the 
principles in the beginning of the dis- 
cussion. [The government has] advo- 
cated that the core mission systems be 
on separate private networks that are 


BUSINESSES ARE MOVING critical functions onto networks so quickly that it’s difficult 
for thern to deploy good defenses in a timely fashion, says Cylink CEO Bill Crowell 


highly protected from denial-of-service 
attacks and from hacking and cyber- 
attacks. 

The Internet would be used for 
e-government to enjoy the enormous 
reach it provides to the public. These 
are not new concepts. In banking and 
financial services, these policies have 
long been the basis for their risk man- 
agement practices. 


| Howard Schmidt, the deputy chairman 


of the President’s Critical Infrastructure 
Protection Board, said recently that the 


| next national plan for protecting the coun- 


try’s critical systems and networks will 
be written with the help of the private sec- 
tor. What do you think the immediate priori- 


| ties and focus should be for such a public/ 


private plan? 
David: If I were to offer a top priority, 
it would be to establish trust between 


| government and industry and among 
| the key industry sectors. This means 


first and foremost to create a safe envi- 
ronment for the sharing and analysis of 


| information regarding cyberattacks 


and discovered vulnerabilities. 
My next priority would be to bolster 


| our intrusion-detection capabilities. I 
| worry less about the overt attacks that 


disrupt service than the subtle attacks 
designed to steal or corrupt data — at- 
tacks that may go undetected until dis- 
aster occurs. 

Crowell: I think that there are two 
elements that should be part of the 
plan. The first is that the government 


| should be a leader in network security 


and move quickly to employ the best 
practices for both GovNet and e-gov- 
ernment. The second is that the [Se- 
curities and Exchange Commission] 
should establish the same risk disclo- 
sure rules for network security that it 
used to focus attention on Y2k and on 
disaster recovery. 

Without such a mechanism, there is 
a strong likelihood that the vulnerabili- 
ties and risks in network-based busi- 
ness won't get the attention that [they 
need] until there is a disastrous event. 
I think that the disaster recovery sys- 
tems of the financial businesses in the 
World Trade Center saved many of 
them from total collapse. DB 


orist Uhreat 





‘Terrorism 
1Ol With 
8 ‘ 
Eric Shaw 
Eric Shaw, a former CIA profiler and 
clinica! psychologist who now con- 
sults for Stroz & Asseciates LLC, a 
cybersecurity firm in New York, takes 


Computerworld’s Dan Verton inside 
the minds of terrorists. 


There’s been a lot of speculation, 
even before Sept. 11, about the na- 
tion’s vulnerability to an “electronic 
Pearl Harbor,” or cyberterrorist at- 
tacks. But there has been little evi- 
dence that terrorists value cyber- 
attacks. What has changed since 
Sept. 11? 
Shaw: There’s still little evidence that 
traditional terrorist groups place a high 
priority on cyberattacks vs. using infor- 
mation technology for communication, 
command and control, and propaganda. 
Guns, bombs and vehicles [such as] 
trucks, planes and boats for delivery ap- 
pear to be quite adequate for their 
needs, as the Sept. fl attacks showed. 

| am worried that a new operational 
standard has been set up for imitation. 
| think we are going to see more attacks 
on relatively unprotected civilian sites 
and on individuals. The same trend may 
occur in this country as terrorists turn 
away from heavily fortified government 
facilities to less protected corporate 
sites. 


Are there any exceptions to the 
lack of terrorist interest in cyber- 
attacks? 

Shaw: Yes. First, there are several types 
of nontraditional, politically motivated 
groups that cannot at present be consid- 
ered terrorists that have utilized low-level 
cyberassaults, especially denial-of- 
service attacks. These groups often are 
referred to as members of antiglob- 
alization, hacker, anarchist and other 
Coalitions, often associated with our po- 
litical left. They have actively organized 
and recruited individuals and groups for 
cyberattacks against their identified ad- 
versaries. 

Second, | am concerned about online 
or face-to-face recruitment of disgrun- 
tied IT specialists. For example, there 
were rumors earlier this year that an al- 
Qaeda affiliate had placed moles into 
Microsoft who had introduced Trojans 
into Windows XP. Though denied by the 
company, think of the potential impact 

The IT field is one of the most interna- 
tional and ethnically diverse in this coun- 
try, and its members . . . may represent 
a very attractive recruitment pool for ter- 
rorist organizations. 
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No matter the size of your company, we've got a server that fits. Dell PowerEdge servers with Windows” 2000 Server have many 


“abilities” manageability and serviceabi with your business, minimize downtime, are easy t 


scalability, availability, 


even easier to support. No matter what your business needs to database management — you can choose a PowerEdg 


Microsoft® Windows® 2000 Server operating system that is right for \ y dealing direct with Dell, you get a system customized t 


needs, at an affordable price, backed by our award-winning service and support. It's an 


Dell | Small Business 
PowerEdge™ 1500SC Server 


NEW Simple and Strong Server 
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Here are the 


tales of three trail- 


blazers whose work in computer 
security and forensics have 
helped shape modern practices. 


S FAR BACK as the 1970s, 
three women began 
preparing the world for 
the havoc about to be 
unleashed by networked 
computing. From their humble origins 


| inlaw enforcement and academia, their 
| influence on computer security prac- 

| tices has spread to government and pri- 
| vate sector alike — despite the fact that 


| Martha Stansell-Gamm, 


two of the women had 
virtually no IT or scientific 
backgrounds. 

These security pioneers include 

a former U.S. 


| Air Force judge advocate who started 


an arduous fight against breast cancer 
as she took over leadership of the then 


| 8-year-old Computer Crime and Intel- 
lectual Property section of the U.S. 


Department of Justice (DOJ). 
While developing the DO)J’s foren 


| sics procedures for search and seizure 
| of electronic evidence, Stansell-Gamm 


crossed paths with Raemarie Schmidt, 
who developed digital forensics proce- 


| dures for Wisconsin’s branch of the 


Sec 


DOJ. Schmidt’s work helped set the 





| “kick the ball” 


ur 


standard for computer forensics now 
used by law enforcement agencies 
around the nation. 

And there’s Dorothy Denning, a dis- 
tinguished computer science professor 
at Georgetown University in Washing- 
ton, whose writings have set the stage 
for information security practitioners 
for the past 27 years. 


| Fight of Her Life 


For eight years, Stansell-Gamm part- 


| nered with her department chief, Scott 
| Charney, to grow the Computer Crime 


and Intellectual Property section of 


| the DOJ. Logically, Stansell-Gamm was 


the best choice to fill Charney’s shoes 
when he left the department in 1999, 
But the same week she learned of her 
promotion, she received news of a 


| different sort: She was diagnosed with 
| advanced breast cancer. 


The department was already smart- 


| ing from the loss of its founder, and 
| Stansell-Gamm worried about what 


would happen to her unit during this 
leadership vacuum. 
“All I could do is put one foot in 


| front of the other, count on the section 
| to do right by me and to do right by 


our mission,” she says. “Everyone just 
handled it. They jumped into unfin- 


| ished, high-level projects they had no 
| experience with and took over what 
| needed to be done.” 


Now cancer-free, she’s been back on 


| the job for two years, leading the DOJ’s 
| efforts in multijurisdictional computer 
| crime investigations and coordinating 

| DOJ representation in developing in- 


ternational cyberlaws. The biggest and 


| most difficult part of her job, she says, 
| is getting all the players — corporate 
| victims, law enforcement, state attor- 


neys and intelligence agencies — to 
to one another. 
“We're like a bunch of 5-year-olds 


Sentin 
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WHO IS SHE? 


_ Martha 
Stansell-Gamm 
Position: Chief, Intellectual Property 
and Computer Crime, DOJ 


Education: Phi Beta Kappa, DePauw 
University, Greencastle, Ind.; law de- 
gree, Georgetown University; master's 
in international law, Harvard University 


Claims to fame: 
@ Helped shape amendments to the 
1986 Computer Fraud and Abuse Act 


= Group chairwoman and editor, 
Federal Guidelines for Searching and 
Seizing Computers, 1994 


= U.S. representative in Council of Eu- 
rope’s Cybercrime Treaty, 1992-2001 


= Coordinated the DOu's participation 
in many high profile investigations, 
starting with the investigation that 
landed computer cracker Kevin Mitnick 
behind bars in February 1995 


| playing soccer, where we all huddle 


around the ball,” says Stansell-Gamm, 


| who was a soccer mom when her three 
| kids, now teens, were younger. “At 


public speaking engagements, I tell 


| audiences that we need to position our- 
| selves on the field and pass the ball.” 


That type of statement is typical of 


Stansell-Gamm, says Charney, who 
| became Microsoft Corp.’s chief securi- 
| ty officer April 1. “ 
| plexity of each issue,” 
| her leadership from 1994 to 1996 in 
| amending the sentencing guidelines to 


She sees the com- 
he explains of 


the 1984 Computer Crime and Abuse 
Act. “For example, she recognizes that 


| enforcing new laws on the Internet 
| could chill free speech, so she has been 


careful not to turn evolving social 
mores on the Internet into definitions 
of criminal activity,” he says. 


Forensics Forerunner 
Working law enforcement investiga- 
tions in the mid-1990s was an exciting 
time for Schmidt, 
pioneer and supervisor of curriculum 
| development for the computer crimes 
section at the National White Collar 
Crime Center in Fairmont, WVa. 
“We'd go in behind the raid team and 


a digital forensics 
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RAEMARIE SCHMIDT 


Supervisor, curriculum 
development, computer crime sec- 
tion, National White Collar Crime 
Center, Fairmont, W.Va. 
(www.cybercrime.org) 


Bachelor’s degree in 
chemistry, University of Wisconsin 


= Chaired the DOJ’s working group 
to develop digital evidence seizure 
and processing protocols for the 
state of Wisconsin 


= Assisted on search warrants and 
laboratory forensics examinations 
for the Wisconsin State Crime Lab 
and the National White Collar Crime 
Center from 1992 to 1999 


= Trainer at the Federal Law En- 

forcement Training Center, state 

agencies, NATO and the American 
Academy of Foren- 
sics Science 
= Oversees curricu- 
lum development at 
the National White 
Collar Crime Center 


BUSINESS® 


LAMBERT 


KATHERINE 


DOROTHY DENNING 


Distinguished professor, 
computer science, Georgetown 
University 


Bachelor’s and master’s 
degrees in mathematics, University 
of Michigan; doctorate in computer 
science, Purdue University 


= Founder of Georgetown’s Institute 
for Information Assurance 


# Writer on encryption, intrusion 
detection, information warfare 
and many other must-reads for IT 
security leaders 


# Awards include Security Innovator, 
Time magazine, 2001; TechnoSecu- 
rity Professional of the Year, 2000; 
National Computer Systems Security 
Award, 1999 


= Association for 
Computing Machin- 
ery (ACM) fellow, 
1999; ACM Recog- 
nition of service 
award, 1985, 1987, 
1989, 1994, 1995 


| knack for technology, link- 


struments to early Unix 


use an early precursor to the Jazz and 
Zip drives to make evidentiary backups 
from parallel port to parallel port. We 
had to do this without shutting down 
the legitimate business completely,” 
she says. “And in home searches, you’d 
walk into a disaster zone — cables, 
equipment and floppies everywhere.” 
Before getting into computer investi- 


| gations, Schmidt tested drugs for 20 


years, first for a pharmaceutical com- 
pany and then for law enforcement, 
where she set up the drug testing facil- 
ity for the Wisconsin State Crime Lab 
in Milwaukee. That’s 

where she discovered her 


ing laboratory testing in- 


systems in the late ’80s by 
soldering on the cable con- 
nectors herself. 

So when her boss re- 
turned from a seminar in 
1992 and charged Schmidt with devel- 


| oping a computer forensics depart- 


ment, she approached it scientifically 
and technologically. She used her sci- 
ence skills to turn the ad hoc process 
of computer investigations into a mod- 
ern-day forensics practice. Then she 
used her technological prowess to 
track down computer vulnerabilities 
and technologies to aid investigators. 

Now, as supervisor of curriculum 
development, she’s overhauling old 
courses and adding new ones, along 
with hiring and screening contractors 
and investigators and overseeing in- 
structor development. And she’s still 
researching the ways new technologies 
will be used in crimes. 

“In the last year, we’ve really only 
seen the tip of the iceberg in digital 
forensics,” says Chris Stippich, co- 
founder of Digital Intelligence Inc. in 
Waukesha, Wis., who worked with 
Schmidt at both the Wisconsin State 
Crime Lab and the National White 
Collar Crime Center. “I think Rae- 
marie’s going to continue to be at the 
forefront, pushing the envelope on the 
discipline of digital forensics.” 


The Security Mentor 

The relationship between comput- 
ing subsystems and user access to 
resources intrigued Denning in the 
1970s. She wrote her doctoral thesis on 
secure information flow in 1975, some 
20 years before colleges were thinking 
about information security courses. 

“The topic of my thesis was how to 
keep top-secret data from reaching an 
uncleared user, which was a challeng- 
ing problem for the Department of 
Defense, who wanted all levels of users 


“These women share the 
‘common goal of building 
secure and healthy net- 
works and doing the 
right thing to get there.” 
- Howard Schmidt, co-chair, 
President's Critical Infra- 
structure Protection Board 


to share the same computer,” she says. 
After publishing her thesis, Denning 
kept writing. Since then, her 120 arti- 
cles, three books and television and 
radio appearances, along with con- 
gressional testimonies, are the basis for 
much of today’s thinking on IT security. 
“She’s become a mentor for those of 
us who are operational in the field, 
even though she’s an academic,” says 
Howard Schmidt, co-chairman of the 
President’s Critical Infrastructure 
Protection Board in Washington. “Her 
writings give me a balance, particularly 
those on information war- 
fare, intrusion detection, 
and even her unpopular 
belief on the Clipper chip 
and encryption-key es- 
crow,” he says, referring to 
when Denning positioned 
herself on the side of the 
government for these col- 
lection and recovery initia- 
tives. When she did, the outcry was 


| deafening. 


“The attacks were very personal,” 
she says. “I had new names, like 
‘Wicked Witch of the East.’ I would 


| come home very stressed out.” 


Denning coped by doing more re- 
search, even polling Howard Schmidt 
and others about the impacts of en- 
cryption on evidence recovery. She 
also responded in forums, including a 
July 1996 HotWired “Brain Tennis” 
match with John Gillmore, co-founder 
of the San Francisco-based Electronic 
Frontier Foundation. Eventually, as 
the government's proposals failed and 
Denning took a position in favor of 
easing encryption export laws, the 
criticism died down. 

As Howard Schmidt says, Denning’s 
position is all about balance. She talks 


| of the balance between computer secu- 


| 
| 
| 
| 
| 
| 
| 


rity and operability, something that 
made her quit her job in the early ’80s 
at Menlo Park, Calif.-based SRI Inter- 
national Inc., where her responsibili- 
ties included trying to secure databas- 
es. She left for a position at Digital 
Equipment Corp. that focused on us- 
ability. Denning continues to analyze 
trends in network attacks for signs of 
terrorist activity. 

“People want to know if cyberterror- 
ism is going to happen and when it will 
happen,” she says. “It’s hard to know 
because it’s speculative.” D 


on For links to more information about 
. these women, visit 
Dink www.computerworld.com/q?28313 


Nancy Wong was recruited by the 
National Security Agency to help set up the White 
House's Critical Infrastructure Assurance Office. Learn 
more about her at www.computerworld.com/q?28567 
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MCSE Concerns 
Rankle IT Pros 


Despite the fact that Microsoft did an about-face 
last fall and will continue honoring MCSE NT 4.0 
certifications, many IT professionals are still miffed 
about its credential requirements. By Julekha Dash | 


ONTHS OF CONFUSION re- 

garding Microsoft Corp.’s po- 

sition on its Windows NT 4.0 

certification exam have left 

some IT professionals feel- 

ing uncertain about the fu- 
ture of their credentials. 

In 2000, the software maker an- 
nounced that the Microsoft Certified 
Systems Engineer (MCSE) NT 4.0 cer- 
tification would expire by the end of 
2001 and that IT professionals certified 
on NT 4.0 would have to upgrade to 
Windows 2000 in order for their certi- 
fications to remain valid. Some critics 
saw this as an attempt to strong-arm 
IT workers and the industry at large to 
migrate to Windows 2000. 

In response to these complaints, Mi- 
crosoft reversed its position in Octo- 
ber. But in spite of the turnaround, 
some IT workers say they are still 
wary of the company’s policy regard- 
ing certification exams. 


Certification Bandwagon 

“A lot of people jumped onto the cer- 
tification bandwagon in hopes of fin- 
ishing the MCSE certification within 
six to nine months or a year,” says Matt 
Pierce, a network administrator at 
Saferent Inc., a Denver-based company 
that provides applicant-screening ser- 
vices for apartment communities. But 
when Microsoft announced it would 
retire the NT 4.0 exams, some IT 
workers abandoned the idea of getting 
certified in a technology that’s on its 
way out, he says. 

Then, when Microsoft reversed its 
decision and said it wouldn’t retire NT 
4.0, IT professionals lost valuable time 
that they could have spent preparing 





for the NT 4.0 exams, Pierce adds. 
One compromise Microsoft offered 
until the end of last year was an accel- 


| erated Windows 2000 track for those 
| who had passed three NT 4.0 exams. If | 
| an IT worker were to pass a one-shot 


examination, he could forgo the nor- 


| mal four core exams — and become 


certified in Windows 2000. Three elec- 
tive exams were also required in either 


| case. But Microsoft stopped offering 


the one-shot exam in December of last 


| year (see timeline). 


Garrette Slonacher, a network engi- 
neer at Response Computer Group Inc. 


| in Milford, Del., failed the accelerated 
| exam in December. Slonacher says he 
| “doesn’t have time to study five hours 


a night” in addition to working and 


| spending time with his family. His 
| employer spent $10,000 to send him to 


an MCSE “boot camp” to prepare for 
the MCSE NT 4.0 exams. 


Slonacher says he was shocked when | 


he heard that Microsoft would retire 


MCSE Timeline 





the certifications. “I didn’t think I'd 

lose the certification,” he says. “If you 
get a degree in electronic engineering, 
you don’t lose the engineering degree 


because of new technology.” 


Even though Microsoft decided not 
to retire the MCSE NT 4.0 credential, 
Slonacher is skeptical as to how long it 
will be recognized before Microsoft 
begins pushing newer technologies 
such as .Net instead of Windows 2000. 

“Everybody is still overwhelmed by 
Win 2k and Active Directory, even 
though [they have been] out for a long 
time,” says Pierce. As Microsoft intro- 
duces new platforms, such as .Net and 
XP, it’s difficult to keep up with every 
new technology, he says. 

Anne Marie McSweeney, director of 
certification skills and assessment at 
Microsoft, says the company decided 
in October that it wouldn’t “decertify” 
any other Microsoft certificate hold- 


| ers. “People in the program can be as- 
sured that they are [certified] for life,” 


she adds. 


| AChange of Heart 


David Sanders, general manager of 
Management Systems Designers Inc. 
in Vienna, Va., applauds Microsoft for 
reversing its decision last fall. This 
change of heart allows companies and 
IT professionals greater flexibility to 
use the technologies with which they 
are most comfortable, says Sanders, 
whose company is a certified Micro- 
soft Solution Provider that does high- 
tech work for federal agencies. 

Although some larger companies 
have specified that they want to hire 
people who are certified in the latest 
versions of Windows, NT is still very 
popular, notes Sanders. “When you 
look at the business community, NT 


and derivatives still dominate,” he says. | 


Yet some analysts think getting re- 
certified is the only way to stay com- 


| petitive in the technology industry. “If 


1999 2000 
ERRRERREE JSR RReeeeeee 


FALL1999 <———~ 
Microsoft announces that IT 
workers who hold MCSE NT 
4.0 certification must pass 
Windows 2000 exams by 
Dec. 31, 2001, or lose their 
certification. The company 
also says that it will retire all 
Windows NT 4.0 exams at the 
end of 2000. 


DECEMBER 2000 <— 
Microsoft extends the certifi- 
cation deadline from Decem- 
ber 2000 to February 2001 
Redmond also announces that 
it will offer a one-shot compre- 
hensive exam that allows 
users to upgrade from NT to a 
Windows 2000 MCSE without 
taking the four core exams. 


OCTOBER 2001<«— 

In response to complaints, Mi- 
crosoft backtracks on its certi- 
fication stance and decides 
not to retire the MCSE NT 4.0 
credential. 
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BOTTOMING OUT 
ON BONUS PAY 


According to a new report from Foote Part- 
ners LLC, bonuses for Windows NT special- 
ists dropped 41% from the first quarter to 
the fourth quarter of last year, due primarily 
to a combination of layoffs, a decline in de- 
mand for NT specialists, and cuts in spend- 
ing on servers and PCs. 


CC:Mail 

Windows NT 
Routing 
PowerBuilder 
Lawson Software 
J.D. Edwards 
HTTP 

10Base-T switching 
Ethernet 


you play in this game, there is a con- 
stant recertification process,” says 
Dave Murphy, membership director at 
the International Association of Infor- 
mation Technology Trainers Ltd. in 
Elkridge, Md. And if Microsoft decides 
to retire a particular certification, peo- 
ple can simply explain on their ré- 
sumés that they were “certified until 
Microsoft canceled the exam,” he adds. 
The best move for time-pressed IT 
workers is to be selective about their 
Microsoft certifications, says Pierce. 
“There is no need to be certified in 


| everything Microsoft does. It’s not re- 
| alistic,” he says. “Companies are not 


always quick to jump on the latest Mi- 
crosoft product until multiple service 
packs have been released and the bugs 
have been eliminated.” 

In addition, says Pierce, IT workers 
would be better prepared in the mar- 
ketplace if they broadened their skills 


| by getting certified through other ven- 


dors or organizations. D 


Dash is a freelance writer in Lewes, 
Del. She can be reached at mail@ 
julekhadash.com 


To read other Computerworldstories 
about Microsoft Certified Systems 
Engineers, visit our Web site: www. 
computerworld.com/q?28366 
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HATEVER YOUR VIEW of 

enterprise portals — and 

there are as many opin- 

ions as there are IT infra- 

structures — the concept 
of centralizing the location of perti- 
nent information and transactions is a 
solid one. 

Portals can be valuable tools for 
enhancing business processes. 

Anadarko Petroleum Corp. in The 
Woodlands, Texas, uses software from 
Pleasanton, Calif.-based PeopleSoft 
Inc. to make pay stubs available to em- 
ployees electronically, thus cutting its 
postage and processing fees. 

AmeriKing Inc., the largest indepen- 
dent Burger King Corp. franchisee in 
the U.S., uses a portal from San Fran- 
cisco-based Plumtree Software Inc. to 
give its dispersed employees access to 
corporate performance data. 

At Westchester, Ill.-based Ameri- 
King, inventory reports, sales and fi 
nance data, human resources informa- 
tion, e-mail and corporate documents 
are all available on a personalized, 
Web-based desktop. Indeed, company 
officials estimate that the portal saves 
the firm about $500,000 per year on re- 
duced printing and distribution costs 
for things such as physician directo- 
ries, employee profiles and employee 
contact information. 

The portal also allows AmeriKing 





~ BUSINESS! 
Plugging 


Into Portal 
Returns 


While early adopters of enterprise portals 
know what kind of functionality they want 
out of these systems, many organizations 
are still struggling with how best to 
measure their benefits. By Pimm Fox 


employees to change personnel infor- 
mation about themselves to their 


| employment and benefits files — thus 


helping to cut the company’s human 
resources costs. 

But to extract these kinds of returns 
from a portal requires specific plan- 
ning on the part of business managers 
— not just IT personnel. 

“There are three overarching com- 
ponents to a portal strategy,” says Laura 
Ramos, research director at Gig¢ 
mation Group Inc. in San Jose. “First, 
you have to define who is going to use 
the portal, then you need to look at 
what you currently have in the way of 
IT infrastructure, and finally, you need 
to measure the payback — the before 
and after.” 


The Breakdown 


But while companies may know 
what they want their portals to deliver 
and may even have a concrete assess 
ment of their IT structure, they’re still 
grappling with how to measure their 
returns. A study published by Cam- 
bridge, Mass.-based Forrester Research 
Inc. in August 2001 revealed that 41% 
of 49 portal managers from Global 
3,500 firms using portals weren't mea- 
suring their benefits at all, and “20% 
don’t know if they are,” says Frank 
Gillett, a Forrester analyst (see chart). 

Keeping measurement in mind, 


‘Quick 
Tnke 


portals by definition need to identify 
specific user groups that will benefit 
from their content or available appli- 


cations. Once a portal use is identified, 


there are four basic categories of por- 


| tal products to consider. 


Companies such as BEA Systems 
Inc., IBM, Sun Microsystems Inc.’s 
iPlanet division and Oracle Corp. all 


| offer tools for building portals, be- 
| cause some users see the need to 


modify existing applications or need 


| additional customization in order to 


meet the portal’s requirements. 
A second category includes tra- 


| ditional enterprise resource planning 


vendors, such as PeopleSoft, SAP AG 


; and Siebel Systems Inc. 


A third category is defined by 
knowledge and content management 


| vendors, such as Redwood City, Calif.- 
| based BroadVision Inc., Microsoft 
| Corp.’s SharePoint Portal Server and 


Austin-based Vignette Corp. 
Finally, there are pure portal compa- 
nies, such as Plumtree and San Fran- 


| cisco-based Epicentric Inc. 


Keys to Success 


The technical challenge of assem- 


bling the power of many back-end 


applications and information at one 
location doesn’t appear to be a major 
factor in the success of enterprise 
portals. Instead, the problem right now 
is a leap of faith. 

“[For] large corporations [that] have 
started their portal efforts, it’s a com- 
petitive advantage,” says Nate L. Root, 


| an analyst at Forrester. They have to 
| “get very detailed about who goes to 


use it and why,” he says. 
Those issues are supported by a 
Web-based survey of Fortune 2,000 


| companies conducted in December 


and January by Redwood City, Calif.- 
based Enviz Inc. Of the 156 IT leaders 
who responded, 70% acknowledged 
that they couldn’t measure where and 
why visitors leave a business process 
at a portal. And when asked how they 
measure the return on investment of 
their portals, the majority of respon- 
dents said they don’t measure it. 

lhe key, say analysts, isn’t to focus 
on the technology but to evaluate 
current business practices to see what 
kinds of information are delivered and 
where a process can be made more 
efficient with self-service techniques. 
Without this approach, enterprise 
portals will end up as rudderless IT 
projects. D 


For links to other stories on 
portals, go to www.computer 
world.com/q?28362 
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How are you measuring the 

benefits of enterprise portals?* 
We aren't 41% 
Don’t know 20% 
Cost analysis 16% 
Web site/log files 8% 
User surveys 6% 
RO! analysis 6% 
Measure latency of a task 


Number of IT requests 4% 


What information, news, data 

and activities are in the portal?* 
Benefits information 82°% 
Company news 78% 
Empioyee directory 53% 
Education and training 49% 
Departmental information 37% 
Personnel info updates 
Company forms 
Financial news 
Sales information 
Payroll adjustments 
Industry news 
Collaborative tools 
Online IT help desk 
Travel booking 
E-mail 


33% 
27% 
24% 
24% 
20% 
16% 
16% 
14% 
12% 


What is the total cost - 
products, staff, consultants - 
of your initial portal effort?* 
COMPLETED PORTALS 
Maximum spent 
Mean spent 
Median spent 
Minimum spent 


$2.5M 
$657,368 
$300,000 
$20,000 


PLANNED PORTALS 

Maximum budget 

Mean budget 

Median budget SIM 

Minimum budget $25,000 
* MULTIPLE RESPONSES ALLOWED 


SSM 
$2.03M 





WebSphere. Boil 


This is the FOREMAN 
That placed the Order 
That went through the Dealer 
That notified Contracts 
That alerted Manufacturing 
That checked with Accounting 
That contacted Shipping 
That sent the Delivery 
That sealed the Process 
— That lives in the Business Integration Software 
@ That we built Together. 


ry, visit ibm.com/websphere 


: : IT’S A DIFFERENT KIND or WORLD. 
@ business software YOU NEED A DIFFERENT KIND or SOFTWARE. 
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Why Rookie [TT Managers 
Make Classic Blunders ... 





... and how you can help them succeed. A Harvard 
Business Review writer offers some suggestions 


New managers often fail for predictable 
reasons. In this month’s Harvard Busi- 
ness Review, Carol A. Walker tells how 
good supervisors can help rookie man- 
agers avoid the obstacles 

that so often trip them up. 

Walker is president of Pre- 

pared to Lead (www. 
preparedtolead.com), a 

management consulting firm 

in Weston, Mass. She previ- 

ously worked for 15 years as 

an executive in the insur- 

ance and technology indus- 

tries. Walker told Computerworld’s 
Kathleen Melymuka that these observa- 
tions and lessons apply especially to IT, 
where the work of individual contribu- 
tors and managers is hugely different. 


Q: Why do so many rookie IT managers fail? 
A: Managing is always different from 
doing, but in IT, the difference may be 
even greater than in other fields. The 
reason they don’t succeed is that the 
difference is underappreciated. They 
don’t truly understand their new role 
and how they should be spending their 
time, which is fundamentally different. 


Q: What is the fundamental difference? 
A: It’s the difference between guiding 
processes and communicating direc- 
tions vs. rolling up your sleeves and 
writing code: individualized work 
vs. communication. 


Q: Why do new managers hesitate to ask 
for help? 

A: Rookies are already feeling vulnera- 
ble. If they’re pretty high in self-confi- 
dence, they’re more likely to ask for 
help, but many don’t. In our society, 
asking for help tends to denote weak- 
ness, and IT is a field where people are 
even more used to having the answers. 


Q: As the rookie’s boss, how can | tell 
whether he needs help? 

A: Observe the manager’s interactions 
with his staff. Find opportunities to 
talk to staff independently — not about 
the manager, but about what’s going on 





| in the department and how clear the 
| objectives are. If objectives are clear 
| and people seem focused, he’s proba- 
bly doing a good job. 


Q: If a rookie needs help, how 
can | show that it’s OK to ask? 
A: There’s no substitute for 
communication. Have reg- 
ular meetings with rookie 
managers — maybe more 
frequently in the beginning. 
Ask probing questions 
about big-picture issues. 


Q: Why do new IT managers often find it 


| hard to delegate? 


A: I suspect that in IT, the nature of 


| work is so detail-oriented that it at- 


tracts a certain type of personality that 


| is more comfortable with high degrees 


of detail. They tend not to like to give 
up control, and delegating is a matter 


| of trusting and giving up control. 


Q: As the boss, how can I help? 
A: Clarify expectations. Let them know 


| the expectation is not that they’re do- 
| ing everything, and help them under- 
| stand that this is a huge transition, not 


a little thing. Let them know it’s nor- 
mal to feel they may be not as produc- 
tive as they used to be. At some levels, 


| it may be still part of their job that they 
| do some IT work, so it’s important to 


talk about what proportion of time you 


| expect them to be doing this sort of 
| thing vs. this other sort. 


Q: You say many rookie IT managers have 


image problems. What are some of those? 

A: The issue is that rookies tend to not 
realize the influence they have on the 
people looking up to them as supervi- 


| sors. If they have a poor reaction 


under pressure, if they’re short with 
others, or roll their eyes at issues that 
are tiresome or lose their temper, that 
demonstrates to the team that that’s 
acceptable behavior. They lack aware- 
ness that every behavior they demon- 
strate is telling everyone else what 

is acceptable. 





Q: If | see a rookie manager doing this, what 


| dol do as his supervisor? 


A: Often, they’re not aware of the be- 


| havior. Take them aside and raise their 


consciousness: “I’m pretty sure you 
have no idea you're doing this, but 
it’s likely to have this impact on your 
staff.” Let them know that people ex- 
pect a sense of calmness and control 
from a leader. 


Q: You say I need to drag new IT managers 
out of the trenches. But aren’t they building 
rapport with the troops by diving in to fight 
the fires? 

A: Everything in moderation. Depend- 
ing on the level of management, differ- 
ent degrees of involvement are appro- 
priate. In true emergencies, it may 
make sense to roll up your sleeves, 

but it can become very comfortable to 


| fight fires because it feels very produc- 


tive. It can become the norm, and then 
she’s ignoring the direction of the unit 


When feedback 
is delivered in 
a supportive 
manner, it’s the 
biggest gift they 
could receive. 
It allows them 
to grow. 


CAROL A. WALKER, PRESIDENT, 
PREPARED TO LEAD 
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and strategy and thinking. If she’s con- 
tinually putting out fires, she’s also 
telling her staff they’re not capable of 
handling that; they need her to do that. 


Q: Some rookies say strategic thinking is 

a luxury they can’t afford. How can I teach 
a rookie who has always been tactical to 
begin thinking strategically? 

A: Use those regular communication 
sessions to pose the kinds of questions 
you expect them to be able to answer. 
Like, “What's the competition doing in 
this area?” If they can’t answer, point 
out that this is the difference between 
a boss and a programmer and that a 
certain amount of their time needs to 
be spent on this. 

Show them what you expect them 
to be on top of, and tie it to promote 
ability. Point out that the higher in 
management they go, the more they 
will need to demonstrate this kind of 
thinking, and you want to give them 
the opportunity to practice it. 


Q: What don’t rookies get about feedback? 
A: When feedback is delivered ina 
supportive manner, it’s the biggest gift 
they could receive; it’s the ability to 
see themselves as others see them. It 
allows them to grow. And people don’t 
get that. Sometimes feedback is not 
given in a perfect way, and then people 
are not open to receiving it. 


Q: So they have to learn to give and receive 
feedback? 

A: Yes. And as in a dysfunctional family, 
when they receive feedback given in a 


| bad way, they either hesitate to give 


feedback themselves because it was 

so negative for them or they copy the 
behaviors they see and give their own 
feedback in public or in an uncaring 
way or without tying it to success 
factors. Feedback is a touchy issue. 
Whether you give or receive it, it re- 
quires an environment of trust. As the 
boss, you have to demonstrate how to 
give good feedback. 


| Q: How do I, as the rookie’s boss, negoti- 
| ate the fine line between coaching and 
| micromanaging? 


A: If you set up that regular meeting 
time to talk about things, you’re not 
going to be in their face. Focus on 
their asking and your answering 
questions. 

In the beginning, they may not be 
able to know the right questions, so 
you ask the questions. And if you have 
to raise an issue, raise it in the form of 
a question: “What do you think of this 
area?” — not “We’re not doing enough 
in this area.” D 





You don’t become the midrange server market share 
leader. by being “sometimes*on.” 
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HP’s ultra-reliable rp7410 and rp8400 midrange 
UNIX°® servers. 


HP midrange servers are the dependable choice for your 
always-on computing needs. With the lowest total cost of 
ownership in the midrange server space, you'll significantly 
reduce costs in hardware, management and administration. 
And as the only midrange servers available today that can 
upgrade to the future Intel® ltanium™ Processor Family, they 
are truly the servers of the future 


[ Find out why HP has been the market share leader 


since 1997. Visit www.hp.com/large/midrange 
and request your free HP midrange UNIX® Server 
white papers now. | 
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Midrange UNIX server market share leader according to International Data Corporation(IDC)’s Quarterly Server Tracker, @4CY2001, published March 8, 2002. IDC uses price points to differentiate servers into entry-level! (which is up to $100,000) 
midrange (which is $100,000-$1 million) and high-end (which is $1 million and above). Itanium is a trademark and Intel is a registered trademark of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trade- 
mark of The Open Group. Offer good only in the U.S. ©2002 Hewlett-Packard Company. All rights reserved 
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Dear Career Adviser: 


Iam a network support/PC technician in Michigan who 
was laid off in December. I have six years’ experience, 
four at my prior employer, where I earned $43,000 per 
year. While my earlier compensation wasn’t excessive, in 
this job market I might need to take a job at $35,000 or 


lower and continue looking. 
However, I want to avoid job- 
hopping and wonder if I should 
be patient and continue seeking 
a job with higher pay to avoid 
starting problems regarding 
my salary. Are job contracts an 
option? 

LOWERED EXPECTATIONS 


Dear Expectations: 

You can’t fight the market, 
says Darrell W. Gurney, a Los 
Angeles-based career coach 





WORK 


and author of Headhunters Re- 
vealed! Career Secrets for 
Choosing and Using Profes- 
sional Recruiters (Hunter Arts 
Publishing, 2000) That’s espe- 
cially true because we’re now 
in an employer-driven market 
that will last a while longer. 
Unless your cash is running 
low, come up with a timeline 
and explore as many options 
as possible before accepting a 
lower salary. If you must take 


| acut, at least do it with a com- 


pany that provides an educa- 


71 5S 


On Course at 
Alaska Airlines 


Steve Jarvis, the vice presi- 
dent in charge of e-commerce 
at Alaska Airlines, describes 
the IT culture that has 
emerged in his company in 
response to the fast-changing 
industry it competes in. 


What are the most critical sys- 
tems supported by your depart- 
ment? “Our Web servers, 
connectivity to the host 
reservation system and our 
production databases. Our 
Web-based transaction sys- 
tems bring in 20% of our 
$400 million revenue, so 
they’re pretty critical.” 


What are travelers able to do 
via the Web? “We have a full 
suite of travel purchase 
needs, plus day-of-flight sta- 


: tus, including [Federal Avia- 
: tion Administration] feeds, 

: so you can see where your 

i particular aircraft is, and the 
: world’s first Web check-in.” 


: How have the events of Sept. 11 
: affected your group? “We had 
:? to look at our priorities and 
i pursue projects offering cost 
: savings.” 


: How would you describe the 

: pace of the work in general? 

:? “It’s always hectic, not rou- 
: tine at all — there’s always a 
: challenge.” 


: Describe situations that might 
: come up. “Pricing is so dy- 
? namic that we have to react 
: to what our competitors are 
: doing, sometimes with no 


1 





tion benefit or the opportunity 
to learn new skills. That way, 
once the market turns, you'll 
have a reason to ask for a 
boost in your salary with no 


| explanation needed. 


Dear Career Adviser: 


You and others have men- 
tioned bioinformatics as an up- 
and-coming field. As a C/C++, 
Unix person, I am concerned 
about my ability to move into 
bioinformatics. I also wonder 


notice. When you get up 
: with a to-do list for the day, 
: it can get blown away pretty 
fast.” 


: How would you describe the IT 

i culture? “It’s a very dot-com- 
: ish kind of environment. 
There are 11,000 in the entire 
? company, but in our world, 
because we’re in an evolving 


: world where IT and business : 


: have to work so closely to- 

: gether, we tried to create a 

: culture where we're a small 
: Web company within this 

i larger company.” 


Alaska Airlines 


Who they are: Alaska Airlines 


| 
| 








whether this field is stable. 
— CALIFORNIA DREAMIN’ 


Dear Dreamin’: 

Interest in bioinformatics is 
growing because of its role in 
high-profile research efforts 
like gene sequencing. The 
field involves handling and an- 
alyzing massive amounts of 
data. Your skills in Unix and 
C/C++ are highly portable, 
particularly if you learn script- 
ing languages 
such as Perl or 
Python, build up 
your structured 
and relational 
database skills 
and expand your 
operating system 
knowledge to in- 
clude Linux. 

But given the 
recent demise of 
Oakland, Calif.- 
based Double- 
Twist Inc. and the 
state of biotech 


FRAN QUITTEL is an expert 
in high-tech careers and 
recruitment. Send 
questions to her at 
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venture funding, you might 
want to hedge your bets and 
pursue work within a universi- 
ty, a government agency or an 
established pharmaceutical 
company. 

Investigate the University of 
California Extension at Santa 
Cruz, which offers a certifica- 
tion program in bioinformat- 
ics, says Gary Schultz, princi- 
pal analyst at Sunnyvale, 
Calif.-based Multimedia Re- 
search Group Inc., which re- 
cently published a 
report called “U.S. 

8io-Computing IT 
Market: Bio-Com- 
puting and Phar- 
maceutical Com- 
panies.” 

You might want 
to read Cynthia 
Gibas’ article 
“Computers + 
Biology = Bioinfor- 
matics” at www. 
oreilly.com/Mmews/ 
bioinformatics_ 
0401.html. D 








: How much interaction does your : 


i IT department have with end 
i users or other departments? 


? “We have a floor of the 

: building where marketing 

: and IT live together. At any 

: given time, we have five or 

i six projects under way, and 

: they’re complicated in terms 
i of automating processes that : 
: have always been handled by 


humans, so the business per- : 


? son needs to be just on the 


: other side of the soft wall. If 
? we weren't co-located, it 


: would add lots of days to the : 
: development process.” : 


How are career advancement 


: and training handled at your 
: company? “Most of our de- 


velopment team has been 
homegrown from the airline 
in some way. 

“We've hired from the out- 
side, but our core architects 
have come from within, 
probably because of the 
uniqueness of airline travel 
commerce.” 


What aspect of work do you 
: look forward to each day? “I 


look forward to working 
with the team. We take our 


: work personally here, so our 
: team is great to work with.” 


Main location: Seattle 


Interviewee: Steve Jarvis, vice 


What aspect do you dread each 
: day? “I guess the dynamic 
? nature of pricing and the 


need to run off at a mo- 
ment’s notice to counter 


: what another airline does. 


i That's a distraction from 
: everything we're doing that’s 


20 in the e-commerce group 


innovative. But it’s not some- 
thing we can say no to.” 

~- Mary Brandel 

brandels@attbi.com 
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‘Take control of your IT career with Capella University’s School of ‘Technology. Online and accredited, Capella helps you earn the degree you need to get ahead, In addi = 
OU MOimeCetTCes earn li ehmual men icec trerence eee eee) ean experience and professional certifications, all while preparing you for essential certifications down 

the road. Plus our one-of-a-kind Virtual Lab Environment” offers-hands-on expertence with the latest technology. Whether you choose a bachelor’s or master's program, 
our faculty's real-world experience will help you develop the technical and thinking skills vital to your career advancement. Financial aid is available. For the full story, call 


L-S888-CAPELLA (option #8) or visit wwwcapellauniversity.edu. 
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a way that’s faster and more responsive to the market — and there is no margin 
for error. To stay on top of the market, IT storage vendors need to understand the 


multi-dimensional forces that are impacting storage buying decisions. storage Forum 


Attend this year’s IDC Storage Forum and: 
» Receive new, actionable » Find out how IT May 1 Le 5. 2002 
research data on the many departments can reconcile 


dimensions of IT user the need to ensure 2 The Fairmont 
buying behaviors including continuously available data San Jose California 


anticipated end-user buying with the drive to show a 
preferences through the solid return on every 
year 2006 technology investment 
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can implement channe e latest research on tape ; 

programs that attract the automation, storage www.ide.com/events/sf02/ 
best, the brightest, and the software, storage service eg ell 

most successful partners providers (SSPs), HDDs, 

Join a panel of heavyweight consumer devices, servers, 800-605-5849 


storage executives as they See (978-597-0133 outside the U.S.) 
debate the storage issues IT 


vendors and professionals 
are struggling with today 


Featured Keynote Speakers: 


> Nora Denzel, Vice President and > Charlotte Rancourt, Research Director, 
General Manager, North America Storage Systems, IDC 


Storage, Hewlett-Packard Company > Janet Waxman, Program Director, 


Robert Gray, Research Director Systems and Storage Distribution pe 
Worldwide Storage Systems Channels, IDC —u— 
Research, IDC Mike Zisman, General Manager, ar 


Richard Lary, Partner, TuteLary, LLC Storage Software Unit, IBM y i , 1 me F; 
John McArthur, Vice President, TL Bea the Future 


Worldwide Storage Research, IDC 


As the pace of innovation increases, you need to deliver products and solutions in | D) C 


Register by April. 16th 
and receive a $200 discount! 











Partners: <=-s-:mmmmmaers STORAGE ING. Wa SO. 


INFOSTOR COMPUTERWORLD 








~ ‘TECHNOLOGY =" 


NICHOLAS PETRELEY 


‘The Road to Cairo 


aaa 
RADIO TRACKING 


Radio-frequency tagging adds up- 
front expenses but can cut costs by 
automating and speeding up data 
acquisition and processing. PAGE 46 


WEB ACCESS 
TO LEGACY APPS 


A major U.S. trucking company 
works to keep customers happy by 
making its enterprise database 
management system accessible 


FUTURE WATCH 


Texas-based Cycorp calls itself a 
leader in supplying “formalized 
common sense.” Using a type of 
symbolic logic called “predicate 
calculus,” the company is trying to 
codify everything a person knows 


64-BIT BOOST 


A new generation of applications 
running on .Net Server and Intel’s 
Itanium will eventually bring 64-bit 
computing to the Windows masses. 
PAGE 50 


A peer-to-peer network is one in 
which two or more PCs share files 
and access to devices such as print- 
ers without requiring a separate 
server computer or server soft- 
ware. Learn more in this week’s 
primer. PAGE 52 





HE YEAR IS 1992. Jim Allchin reveals Microsoft’s plans to 
deliver a version of Windows NT, code-named Cairo, in 1994. 
Cairo is slated to use an Object File Store (OFS) as its file sys- 
tem. OFS is an object-oriented database designed to make it 
easy to search documents and other structured data by content. 
Fast forward to 2002. The continued status of OFS can best be described 
by the famous Monty Python cheese shop sketch (see www.montypython. 


netAcripts/cheese.php for the complete script). In the 
sketch, the customer (John Cleese) asks the clerk 
(Michael Palin) for every conceivable type of cheese, 
but the shop is out of stock on every item. This leads 
to the now classic exchange, which exploits Cleese’s 
exceptional timing and delivery: 

Cleese: “It’s not much of a cheese shop, is it?” 

Palin: “Finest in the district, sir!” 

Cleese: “Explain the logic underlying that conclu- 
sion, please.” 

Palin: “Well, it’s so clean, sir!” 

Cleese: “It’s certainly uncontaminated by cheese.” 

Similarly, 10 years after Allchin’s initial promise, 
Windows remains uncontaminated by many of the 
features originally slated for Windows NT and Cairo, 
including OFS. 

There is a very simple explanation for the delay in 
the case of OFS. Microsoft thought it might need OFS 
to win the battle against OS/2, which already had an 
object-oriented foundation and threatened to include 
a database-oriented file system. As it turned out, Mi- 
crosoft was able to beat OS/2 by withholding Win- 
dows 95 licenses for IBM PCs, as was documented in 
Judge Thomas Penfield Jackson's findings of fact. 
With OS/2 out of the way, Microsoft could put OFS 
on the back burner in order to address other pressing 
threats to its desktop monopoly. 

Now OFS is back. Allchin stated last 
month that OFS is scheduled to go into the 
next major release of Windows, code- 
named Longhorn. (Given the lesson of the 
Monty Python sketch, no doubt Microsoft 
is referring to the mild cheddar cheese 
called Longhorn, and not to cattle.) Call 
me a paranoid cynic, but I’m betting Mi- 
crosoft is resurrecting OFS as a means to 
make data more accessible to users while 
making it less accessible to developers. 
This would stifle competition from one or 
more products or technologies, most likely 


NICHOLAS PETRELEY is 2 
computer consultant and 
author in Hayward, Calif. 

He can be reached at 

nicholas@peireley.com. 


competing productivity applications. 

Having said that, an object store based on SQL 
Server technology is a good idea, though not neces- 
sarily the best design for a file system. I’ve advocated 
this approach for a long time, and I don’t intend to 
stop just because Microsoft might abuse it. But if you 
are looking for a much better idea, check out the 
ReiserFS file system. The file system that Hans Reis- 
er proposes is similar to OFS in one respect: Both are 
vaporware. But Reiser’s vaporware is better than any 
I’ve seen in this category. 

If I had to summarize Reiser’s objectives, I would say 
that one is to eliminate as many distinctions as possible 
among various types of files, directories, devices or 
anything else that can be represented within a file sys- 
tem. The upcoming ReiserFS 4 proposes to do this by 
turning everything — streams, directories, attributes 
(time stamps, security settings and others) — into files. 

Another goal is to be able to search the file system 
without having to impose relational database struc- 
ture upon it. Reiser’s examples don’t always support 
his case, but the weakness is in his examples, not his 
principles. For example, he conjures a story in which 
you can’t search for Santa Claus because the arbitrary 
structure of the database makes it nearly impossible 
to define the relationship among Santa, reindeer and 
chimneys. What Reiser neglects to men- 
tion is that a brute-force search engine 
covers a multitude of structural sins. Un- 
fortunately, the price you'd pay in perfor- 
mance, complexity and disk space (or 
some combination of these) would out- 
weigh any benefits you'd reap by imposing 
an arbitrary structure on the file system 
and then working around the limitations 
with brute force. 

In the end, Reiser’s conclusions are per- 
fectly valid. I hope we see the vapor con- 
dense into reality before the cheese shop 
gets its next shipment. D 








SSOCIATED FOOD STORES INC. says its | 
supply chain operations are running 
more efficiently and securely, thanks 
to recently installed next-generation 
wireless radio-frequency tags. 

The firm is one of a handful of 
companies beginning to explore the 
use of RF tags. Until these tags came 

on the scene, tagging systems — even wireless ones 
— typically relied on warehouse personnel or others 
using handheld scanners to read bar-coded tags. RF 
technology takes the process a step further with so- 
phisticated tags that can be attached to inventory or 
trucks. These new tags can communicate location 
and environmental data via antennas to back-end 
systems without requiring manual intervention. In 
addition, the technology could boost security, note 
analysts, who cite the disruptions caused by the re- 
cent terrorist attacks on the U.S. 


Tagging Up 

Last August, Salt Lake City-based Associated went 
live with a system using tags from WhereNet Corp. 
in Santa Clara, Calif., and supply chain applications 
from OMI International Inc. in Schaumburg, IIl., to 
automatically get extensive data captures from the 
trailers in its yard at regular intervals. 

Tim Van de Merwe, internal logistics manager at 
Associated, says the firm can locate any of its hun- 
dreds of trailers to within a foot, tell when one leaves 
its distribution center, forward alerts to retailers in 
the event of delays and even tell if refrigeration units 
in the trailers are maintaining the correct tempera- 
tures. By getting an accurate, near-real-time picture 
of its trailers’ locations and conditions, Associated 
has reduced the number of its leased trailers and per- | 
sonnel. It has also cut down the amount of spoiled 
produce, which could add up to $100,000 per year. 

The $50 tags are 0.5 in. high by 2.5 in. long by 1.5 in. 
wide and are attached to trailers by adhesives or me- 
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At Associated Food Stores, RF tags mounted in delivery trucks keep tabs on where the vehicles are and how well they're cooling their 
cargos. The system's expected payback over previous manual systems is one year or less. 


chanical fasteners. They flash signals every four min- 
utes to 19 antennas connected by five miles of cable. 


| The Windows-based WhereNet system and embed- 


ded database takes these feeds and determines the lo- 
cation and status of Associated’s trailers and other 
mobile assets. This information is then passed to 
OMI’s management application for an up-to-date map 
of Associated’s yard. 

One major challenge, says Van de Merwe, is mak- 
ing sure the information is accurate, which requires 
constant testing. Prior to using the RF tags, it could 
take an hour to capture data manually on the trailers, 
and “nine times out of 10, the process was inaccu- 
rate,” he says. “You never captured live information.” 

If there is a spike in temperature, indicating an 
opened trailer door, the system automatically alerts a 
security person. The system is expected to pay for it- 


Radio tagging of in-transit materiel speeds 


_ data gathering in the su 


ly chain, cuts costs 


and adds new controls. By Marc L. Songini 
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self within a year, although Van de Merwe wouldn't 
comment on the specific costs involved. 

The WhereNet system uses its own proprietary 
signaling standard, which it has submitted for indus- 
try ratification. WhereNet appears to be ahead of its 
competitors in this field, say analysts, but other com- 
panies are making gains. For example, Thorofare, 
N.J.-based Checkpoint Systems Inc. has entered into 
an alliance with New York-based consumer package 
maker Westvaco Corp. to provide similar offerings. 


Standards Needed 
Pete Abell, an analyst at AMR Research Inc. in 
Boston, says there are competing RF standards from 


| different vendors, but standards bodies such as Uni- 
ham 3 # - * 
form Code Council Inc. in Lawrenceville, N.J., and 


EAN International in Brussels are working to create 
specifications that would enable the technology to 
work in supply chains globally. “Major retailers and 
suppliers are putting money into it to make it hap- 
pen,” he says. In terms of things such as loss pre- 
vention or tracking expiration dates, Abell adds, RF 
tags already have a “compelling value proposition.” 

There are implementation challenges. At Ford Mo- 
tor Co., the biggest issue in rolling out the WhereNet 
system was standardizing the various radio frequen- 
cies and business practices, says Scott Hollister, a 
project manager at the car manufacturer. 

Ford went live with WhereNet in August 2000 at a 


| truck facility, and in December 2001, it rolled out a 


version of the system to 22 more plants. Currently, 
the tags sit on the rear-view mirrors of newly assem- 
bled trucks and report on their locations in the yard. 
They also report the status of the vehicles in the 
quality assurance process and ensure delivery to ap- 
propriate dealers as soon as possible. 

According to Ford, by bolstering the timely inspec- 
tion and movement of vehicles, the company has 
saved close to $1 million in holding costs and gained 
improved customer satisfaction. D 


Learn how another transportation company, Freymiller 
Inc. in Oklahoma City, is using wireless connectivity to 
stay in touch with its trucks and control temperatures: 
www.computerworld.com/q?28536 





Bneuckcutic mina tats you. money’ 
oy simpty little gnor 


fbb bin be bm i dl 


Fa 
$ 
a 
4 
= 
x 
ie 
Fi 


it's the automated array and all of its costsaving features. 
HP’s Virtual Arrays save you money by automating the 
manual processes required in traditional arrays. Tuning out 
hot spots, adding storage space and protecting your data— 
automatically. Freeing your valuable IT resources and 


taking the mystery out of efficient data management. 
[ Hurry, and request your free copy of the 


HP Virtual Array: Double Your Operating Efficiency guide 
now, visit www.hp.com/info/virtualarray ] 
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NFORMATION TECHNOLOGY 
managers at Roadway Express 
Inc. knew that the “green 
screen” interfaces in main- 
frame programs and the HTML 
used in Web site design don’t 

mix very easily. 

So when the Akron, Ohio-based 
trucking company decided to make its 
enterprise legacy database manage- 


ment system accessible to users through | 


a browser-based interface, its IT man- 
agers planned their strategy carefully. 

“We felt that our system, the CCA 
Model 204 database, was perfectly ca- 
pable of handling the demand from the 
world at large,” says Gary Bailey, man- 
ager of applications development at 
Roadway. The goal was to de- ->—— 
velop an access point for 
users trying to connect from | 
outside the corporate hub. 

“The key was how to max- 
imize the investment we had 
in the system — not reinventing the 
system, but reusing it,” Bailey says 

Everything the company knows 
about each shipment, including pay- 
ment status, is run off one IBM main- 
frame application, Computer Corpora- 
tion of America’s (CCA) Model 204. 
Roadway has centralized its entire 
business on this transaction-based 
enterprise database since 1988. 

Built in the 1960s, the Model 204 
industrial-strength software runs on 
IBM’s OS/390 operating system and 
compatible mainframe systems. It can 
perform query and transaction pro- 
cessing on MVS, virtual machine and 
virtual extended storage systems. The 


Roadway 
Express Inc. 


Akron, Ohio | 


www.roadway.com 
—— anal 
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software is also designed to allow 
rapid access to large-scale databases 

| and to support paraliel processing with 
a multiprocessor option. Model 204 is 
used by customers with terabytes of 
data and thousands of concurrent on- 
line users, according to Framingham, 
Mass.-based CCA. 

Model 204 stores all of Roadway’s 
mission-critical freight operations 
data, including customer, dispatch, 
| freight shipment, billing, shipment 
tracking, invoicing and computerized 
rate information, according to the 
company. The system tracks more than 
9 million shipments, houses 500,000 
customer records and processes more 
than 2 million transactions per day. 
——— Roadway handles 65,000 
| shipments every day using 

Model 204. The trick for the 
company was finding a way 
to connect the database to 
Unix workstations from Sun 
Microsystems Inc. The workstations 
run Roadway’s nondatabase applica- 
tions, including its Web applications. 

Hoping it wouldn’t take long to 
teach experienced coders new tricks, 





the company decided to train its main- 


frame programmers in HTML. 

The next step was for Roadway’s 
mainframe programmers and its Web 
design group to build a system that al- 
lows Internet users to directly access 
the mainframe application to schedule 
and track shipments. 

By eliminating middleware on the 
mainframe, the development team en- 





sured that Roadway’s legacy applica- 
tions would continue to process up to 


ROADWAY DRIVES 
LEGACY APPS 
ONTO THE WEB 


Trucking company provides browser- 
based access to mainframe data and 
applications. By Linda Rosencrance 


1,800 transactions per second. 
Installing Janus Web Server from Sir- 
ius Software Inc. in Cambridge, Mass., 
on top of Model 204 “allowed us to 
reuse our existing transportation man- 


| agement systems and administrative 


systems, such as invoicing and report- 
ing, without having to rewrite our suite 
of applications,” says Dave Pavlich, di- 
rector of e-commerce technologies and 
applications development at Roadway. 
“Janus Web allows us to extend our 
existing applications written in M204 
user language to browser-based pre- 
sentation layers.” 


Seamless Links 
Pavlich described the way the sys- 
tem works: The proxy server simply 
| delivers HTTP requests to the Janus 
Web server and then returns HTTP 
output to users’ browsers, without in- 
curring the cost of writing or buying 
middleware that would sit between the 
proxy and the mainframe. The system 
saved Roadway the expense of writing 
applications that run on its front-end 
Web servers or proxy servers, he says. 
“Our approach saved us time and 
money in the initial development of 
My.Roadway.com.” Pavlich says. “We 
did not have to replicate our databases, 
and we were able to use existing IT 
staff to build Web-based applications.” 
The link between the mainframe and 





Unix platforms is so seamless that users 
| have no idea they’re plugged into a 
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Proxy server 


technology Roadway has used for 

more than 14 years, according to the 
| company. Moreover, the cost to Road- 

way of creating Web access was low — 
less than $1 million. 
Roadway’s customers seem to be sat- 
isfied with the results. 
“This is a value-added [service] for 
| us,” says Paul Blissenbach, transporta- 
| tion manager at Coldwater Creek Inc., 
| a Sandpoint, Idaho-based multichannel 
retailer of women’s apparel, gifts, jew- 
elry, home goods and accessories. “It 
gives us the ability to generate reports 
| on our inbound and outbound ship- 
ments. Our transportation department 
needs to ensure that our merchandise 
is coming in on time and whether our 
vendor companies are complying with 
our routing instructions.” 

TJ. Johnson, manager of transporta- 
| tion at Freeman Transportation in Dal- 
las, says, “No [carrier’s] Web site is as so- 
phisticated as Roadway’s. That’s one of 
the reasons we've retained Roadway.” 

Donald Broughton, an analyst at A.G. 
Edwards & Sons Inc. in St. Louis, agrees 
that Roadway is offering its customers 
more value for their money. But, he 
says, other carriers such as Yellow 
Corp. in Overland Park, Kan., and ABF 
Freight System Inc. in Fort Smith, Ark., 
offer similar services. And more com- 
panies should follow suit if they want 
to stay competitive, he adds. 

“Everyone not doing it will be left 
| behind,” Broughton says. D 
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Computerizing 
Common Sense 


Austin, Texas-based Cycorp Inc. claims 
to be “the leading supplier of formalized 
common sense.” CEO and founder Doug 
Lenat has labored 17 years to codify facts 
such as “Once people die, they stop buy- 
ing things.” He uses a form of symbolic 
logic called “predicate calculus” to clas- 
sify and show the properties of informa- 
tion in a standard way. 

The Cyc knowledge base adds power 
to applications by adding common- 
sense information on top of the domain- 
specific knowledge that occurs in every 
application, Lenat tells Computer- 
world’s Gary H. Anthes. 

“We see it as the next great thing,” 
says Morrie Sigel, a partner at Atlantic 
Capital Partners LLC in Darien, Conn. 
“The knowledge base provides such a 
broad platform for a multiplicity of 
products that it’s mind-boggling.” 


What have you accomplished so far? 
We've put in 600 person-years of 
effort, and we’ve assembled a knowl- 
edge base containing 3 million rules 


. 8, 





of thumb that the average person 
knows about the world, plus about 
300,000 terms or concepts. 


Can you give an example? Terms like “first 
date” and rules of thumb like “Peo- 
ple are more polite on their first date 
than they are on their nth date.” A 


WHO HE? 


Doug Lenat is an 
artificial intelligence 
pioneer who is 
leading the human 
“memome” project, 
an effort to codify all 
the common sense in 
a person’s head. 


IS 





j 


<- 
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lot of these things were true 50,000 
years ago, like “If you are carrying a 
container that’s open on one side, 
you should carry it with the open 
end up.” The idea is to represent 
these in formal logic as opposed to 
English sentences. You want the 
machine to be able to crank through 
the logical deductions — the conse- 
quences of these assertions — the 
same way you or I would. 


What will the knowledge base be used for? 
I see this more as a power source 
rather than a single application. 
[For any given application], you 
need common-sense knowledge and 
domain knowledge. We are building 
in the common-sense knowledge 


Are there any applications so far? Yes, it’s 


called CycSecure, and we are beta- 
testing it. Cyc knows what are nor- 
mal, legitimate actions and what are 
actions taken by hackers, [and it 
knows about operating system vul- 
nerabilities]. It uses its [artificial 
intelligence] planning ability and 
knowledge of the world to come up 


with network attack plans. You tell it | 


about your network, and instead of 
running canned exploits against it 
and doing the old-fashioned intru- 
sion detection, you do hypothetical 
reasoning. You experiment on the 
model instead of the actual network. 


What is OpenCyc? It’s a daring gamble to 
gradually make everything in the 
Cyc knowledge base public. An ini- 
tial release last week made available 
about 5,000 concepts and 50,000 
axioms or assertions about them. 
We will gradually, over the next two 
years, migrate everything to the pub- 
lic mode. But OpenCyc will always 
lag by 24 to 30 months. 


Are you continuing to add to Cyc? Yes. 
Cyc finally knows enough that it 
can actually help with the knowl- 
edge-entry process. It’s changed in 
the past year from where we were 
entering these things by hand and 


Ouck 
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Knowledge Sample 


The Cyc knowledge base uses predicate 
calculus to encode assertions such as 
“Animals sleep at home.” 


(ForAll 2x (ForAll ?S (ForAll 7PLACE 
(implies (and 
(isa ?x Animal) 
(isa ?S SleepingEvent) 
(performer ?S 2x) 
(location ?S ?PLACE)) 
(home ?x ?PLACE))))) 


This says that if xis an animal and is the 
performer of a sleeping event, then the 
place where that event takes place is the 
home of x. 


writing them in logic to a kind of tu- 
toring mode. For example, you say, 
“IT want to tell you about a new kind 
of bacteria,” and it might say, “What 
kinds of things does it kill? Is it sim- 
ilar to anything I know about al- 
ready?” Up until now, the only peo- 
ple adding knowledge were a small 
priesthood of logicians. Now, sud- 
denly, millions of people can add 
their knowledge to Cyc. Because of 
the acceleration, we'll be at 10 mil- 
lion assertions a year from now. 


Won't input from the public bring in a lot of 


garbage? I'l] have an OpenCyc com- 
mittee to help vet knowledge that is 
suggested. Also, we’ve developed the 
notion of local consistency, which is 
analogous to our everyday notion of 
the earth as being locally flat and 
globally spherical. In the same way, 
we have divided the knowledge base 
into regions that are locally consis- 
tent, and all the inconsistent infor- 
mation is so far away that you can 
ignore it. If someone puts in “Dining 
room tables are made of Jello,” that 
will contradict so many things in the 
“normal” part of the knowiedge base 
that it automatically will get pushed 
out into the boonies. 


| Is Cyc like the human genome project, where 


eventually you will be done, or will it grow 
forever? I refer to it as the human 
“memome” project. A typical person 
knows about 100 million things 
about the world. I see us crossing 
that point in five years. It’s difficult 
to predict the course thereafter. D 


To learn how an early user of the 
Cyc knowledge base is applying it 
in a national security application, 
visit our Web site 


www.computerworld.com/q?28697 
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Windows G 


A 64-Bit Boost 


OUTLOOK: Microsoft’s 64-bit version of 
.Net Server will give some applications a 
much-needed performance boost. Here’s 
how the technology will eventually fit into 
enterprise computing. By Drew Robb 


ICROSOFT CORP. suc- | man genome analysis. Since 


cessfully made the 

leap from desktop 

dominance to grab- 
bing a hefty share of the serv- 
er operating system market. 
Now the vendor is setting its 
sights on high-performance 
workstations and servers. 

Intel Corp. got the ball 
rolling last June, when it start- 
ed shipping the 64-bit Itanium 
processor, based on its [A-64 
architecture. Then in August, 
Microsoft introduced an eval 
uation version of its first 64- 
bit server operating system, 
Windows 2000 Advanced 
Server Limited Edition, and 
announced a 64-bit version of 
Windows XP for the desktop. 
Server vendors have already 

begun shipping Wintel sys- 
tems. But the migration of ap- 
plications is likely to be a slow 


process, say users and analysts. | 


The benefit for compute- 
intensive Windows applica- 
tions is significant. Itanium 
systems offer floating-point 
performance improvements 
that speed up applications 
such as 3-D modeling and hu- 


MQ&A 


| gramming model” 
| terface, he says, “ 


| the Itanium can access up to 


16TB of RAM, entire databases 


| can move from disk to memo- 
| ry, allowing access speeds that 
| are 100 times faster than disk- 
| bound databases. 


| The Migration Curve 


Programmers can use Mi- 


| crosoft’s Visual Studio .Net 
| development software to cre- 


ate 64-bit applications, says 
Velle Kolde, a lead product 
manager at Microsoft. “IA-64 
uses the same Windows pro- 
and user in- 
so 32-bit de- 
velopers and ISVs [indepen- 
dent software vendors] don’t 
have to learn a new one.” 

This summer, Microsoft 
plans to introduce 64-bit ver- 
sions of Windows .Net Data- 
center Server and Windows 
.Net Enterprise Server. At the 
same time Intel will release its 
new 2-GHz 
code-named McKinley, which 
will have a higher clock speed 
and enhanced compiler capa- 
bilities. Two more 64-bit Intel 


processors, code-named Madi- | 


Itanium processor, | 





Wintel 64-Bit 
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New Windows XP and .Net 
Server versions running on 
Intel |A-64-based systems 
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Developers Ponder the 64-Bit Question 


Daniel Mezick is president of 
New Technology Solutions Inc., a 
provider of programmer training 
services in North Haven, Conn. 


Are programmers interested in 


64-bit Windows? We are not see- 


ing any groundswell of developer 
interest in 64-bit Windows. 


What are the application migra- 


| tion issues? The main thing fac- 


ing programmers is the [applica- 
tion programming interface] 
changes. 


| What advice would you give pro- | 
| rewrite. So application owners 
| tion? Before long, Microsoft will be | 


grammers considering a migra- 


beating the drum about how you 


| must write to .Net if you want a mi- 
gration path to 64-bit processors 


My advice is to time that migra- 


| tion carefully. Moving to .Net re- 
quires plenty of developer training, 


and migrations are essentially a 


need to think strategically. 





son and Deerfield, are sched- 
uled for mid-2003 release. 
Missing from the equation 


| are the 64-bit applications, 
| and software vendors aren't 


likely to announce ship dates 


| until the release date of Mi- 


crosoft’s first 64-bit operating 
system is final. 


Real-World Implications 

Early 1A-64 releases have 
been geared toward develop- 
ers and early adopters. Savvas 
Papaiacovou, manager of the 
MIS Group at Wells Fargo & 
Co. in San Francisco, is run- 
ning a pilot to optimize a 64- 
bit version of an SAS database 
used for market and customer 
behavior analysis. 

“Some of the tables we use 


for quantitative modeling have | 


600 million observations,” he 
says. “As we optimize the SAS 
code, we are seeing increas- 
ingly better performance.” 

While it makes sense to mi- 
grate some compute-intensive 
Windows applications to the 
new platform, Wintel systems 
are unlikely to challenge the 
high-end Unix systems that 
run 64-bit data center applica- 
tions until stability and matu- 
rity are proven. Even then, 
programmers may find it easi- 
er and more cost-effective to 
recompile 64-bit Unix applica- 
tions to run on Itanium sys- 
tems that run Linux instead of 
-Net Server. 

But most enterprise soft- 
ware vendors are already 
working on 64-bit versions of 


| their software. 


“Although Unix vendors 
have more experience here, 
the sheer weight of ISV and 
independent hardware vendor 


| support for Windows should 

| mean that it gains acceptance 
| quickly,” 
| analyst at Stamford, Conn.- 


says Mary Hubley, an 


based Gartner Inc. But, she 


adds, “32-bit applications are 


likely to predominate for some 


time.” D 
Robb is a freelance writer in 


Tujunga, Calif. Contact him at 
drewrobb@attbi.com. 
ntel’s Steven Speer 


Quick "seas. discusses 64-bit Win 
Q dows application de 
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@ THE MARKET 


Activity on 
The Horizon 


The Wintel 64-bit product 
landscape is barren today, but 
that’s likely to change during 
the next 12 months. 


SERVERS 

Vendors such as Dell Comput- 
er Corp., IBM and Compaq 
Computer Corp. already offer 
Itanium-based systems for use 
with Windows 2000 Advanced 
Server Limited Edition. 


DEVELOPMENT TOOLS 

Both Intel and Microsoft offer 
64-bit compilers and develop- 
ment tools. Third-party vendors 
such as Rational Software 
Corp. also offer tools to help 
with the transition. 


ENTERPRISE APPLICATIONS 
Vendors that have announced 
64-bit application support in- 
clude Computer Associates In- 
ternational Inc., BMC Software 
Inc., SAP AG, J.D. Edwards & 
Co., IBM, SAS Institute Inc. 
and Veritas Software Corp. 


PHASE-IN PERIOD 

The transition to 64-bit com- 
puting will take time. intel will 
continue to develop 32-bit 
processors for several years as 
its 64-bit processors gradually 
gain acceptance. And 32-bit 
systems are likely to continue 
to exist long after 64-bit com- 
puting gains momentum be- 
cause legacy 32-bit Windows 
applications will run more 
slowly on 64-bit systems. 

Eventually, analysts say, 32- 
bit Windows will go the way of 
DOS. Boston-based Aberdeen 
Group Inc.'s Tom Manter pre- 
dicts it will be nine to 16 months 
before 64-bit Windows gains 
mainstream support. “The mar- 
ketplace has to feel comfort- 
able that it is a hardened plat- 
form that is fully tested and is 
ready for their mission-critical 
applications,” he says. 

But Tim Golden, director of 
marketing at Compaq’s Enter- 
prise Server Group, predicts 
the transition to 64-bit comput- 
ing will take three to five years. 
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CODERNAUTS DISCOVER WEBSPHERE. THE WORLD’S MOST POPULAR INTEGRATION SOFTWARE. 


WEBSPHERE ron INFRASTRUCTURE 


j CONNECTS MORE APPLICATIONS, DEVICES, PROCESSES AND PEOPLE THAN ANY OTHER SOFTWARE i 


- IT’S A DIFFERENT KIND or WORLD. 
© business software ibm.com/websphere/more YOU NEED A DIFFERENT KIND or SOFTWARE. 





Peer-to-Peer Netw 


A peer-to-peer network is one in which two or more 
PCs share files and access to devices such as 
printers without requiring a separate server com- 


~ TECHNOLOGY) 


HOT TRENDS & TECHNOLOGIES IN 


DEFINITION 


puter or server software. 


BY JAMES COPE 

N ITS SIMPLEST FORM, 

a peer-to-peer (P2P) 

network is created 

when two or more PCs 

are connected and share 
resources without going 
through a separate server 
computer. A P2P network can 
be an ad hoc connection — a 
couple of computers connect- 
ed via a Universal Serial Bus 
to transfer files. A P2P net- 
work also can be a permanent 
infrastructure that links a half- 
dozen computers in a small of- 
fice over copper wires. Or a 
P2P network can be a network 
on a much grander scale in 
which special protocols and 
applications set up direct rela- 
tionships among users over 
the Internet. 

The initial use of P2P net- 
works in business followed the 
deployment in the early 1980s 
of free-standing PCs. In con- 
trast to the minimainframes of 
the day, such as the VS system 
from Wang Laboratories Inc., 
which served up word pro- 
cessing and other applications 
to dumb terminals from a cen- 
tral computer and stored files 
on a centrai hard drive, the 
then-new PCs had self-con- 
tained hard drives and built-in 
CPUs. The smart boxes also 
had onboard applications, 
which meant they could be de- 
ployed to desktops and be use- 
ful without an umbilical cord 
linking them to a mainframe. 

Many workers felt liberated 
by having dedicated PCs on 
their desktops. But soon they 


@ Are there technologies or issues you would like to learn about in QuickStudy? Please send your ideas to quickstudy@computerworld.com 





avigating a P2P Network 


shows how a P2P network operates. The solid lines indicate 
hard-wired network 


cables. The dotted lines indicate that each 


and share files with every other PC on such a 
to one PC can be used by other PCs on the 
network - if that printer's PC allows use. 


dais 


needed a way to share files 
and printers. The obvious so- 
lution was to save files to a 
floppy disk and carry the disk 
to the intended recipient or 


| send it by interoffice mail. 


Sneaker Nets 


frequent endpoint of a typical 


| sneaker net was the worker 


who had a printer connected 
to his machine. 


| really the basis for today’s 
| small P2P workgroups. 


| environments in which indi- 
| viduals use their PCsin ways | 
determined by a higher au- 


tothe 


ican ag 


BRIEF 


group network is all about 
openly sharing files and de- 
vices. 

In general, office and home 


| P2P networks operate over 


Ethernet (10M bit/sec.) or Fast 
Ethernet (100M bit/sec.) and 
employ a hub-and-spoke 
topology. Category 5 (twisted- 
pair) copper wire runs among 
the PCs and an Ethernet hub 


| or switch, enabling users of 


those networked PCs access to 
one another’s hard drives, 
printers or perhaps a shared 
Internet connection. 


Both Client and Server 


In effect, every connected PC 
is at once a server and a client. 
There’s no special network op- 
erating system residing on a 
robust machine that supports 
special server-side applications 
like directory services (spe- 
cialized databases that control 
who has access to what). 

In a P2P environment, access 
rights are governed by setting 
sharing permissions on indi- 
vidual machines. 

For example, if User A’s PC 
is connected to a printer that 


User B wants to access, User A 


must set his machine to allow 
(share) access to the printer. 


| Similarly, if User B wants to 


have access to a folder or file, 
or even a complete hard drive, 


| on User A’s PC, User A must 


enable file sharing on his PC. 
Access to folders and printers 
on an office P2P network can 





While sneaker nets seemed 
an odd mix of the newest tech- | 
nology and the oldest form of | 
transportation, the model is 


Whereas earlier centralized 


| computing models and today’s | 
That practice resulted in the | | 
| term “sneaker net.” The most 


client/server systems are gen- 
erally considered controlled 


thority, a classic P2P work- 


be further controlled by as- 


| signing passwords to those re- 


sources. D 


Cope is an Indiana-based free- 


| lance writer. He can be contacted 
| at jamescope@sbinet.com. 


For a story on com 
mercial P2P soft- 


Quick 


| , kQ ware, log on to our 
| mM Web site 


www.computerworld.com/q?28287 


For a complete list of Technology Quick 


Studies, visit our Web site 
| www.computerworid.com/q?q3000 
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Suspected Code Theft 
Creates a Korensic Furor 


When Mathias’ company thinks someone is stealing 
intellectual property, it’s up to him to find out who 


BY MATHIAS THURMAN 
RECENTLY RECEIVED A CALL from 
one of my company’s intellectu- 
al-property lawyers, who sus- 
pected that someone had stolen 
the source code to one of our 
products. A license for the product 
costs more than $10,000, so the possi- 
bility that it might have been taken was 
cause for great alarm. 
Here’s what happened: Our company 
entered into a joint devel- 
opment agreement with 
another firm and provided 
a Solaris workstation con- 
taining the source code for 
the software in question 
for purposes of interoper- 
ability testing with 
partner’s products. 
During the course of the 
integration work, one of 
the other firm’s employees 
was laid off. Prior to his 
departure, the employee, 
now disgruntled, claimed 
that an unnamed colleague 
had copied our company’s 
source code for his own 
use. The colleague al- 
legedly had bragged about 
using parts of our code to create a new 
product. Upon hearing this, our attor- 
ney immediately ordered the server 
brought down and the system’s internal 
hard drive returned. My task was to de- 
termine, if possible, whether the source 
code had been copied — and by whom. 
Faced with a forensic analysis of the 
hard drive, | had three options. I could 
do the work in-house, outsource all of 
the work or outsource part of it. To 
avoid bias or conflict of interest, I de- 
cided to outsource the entire project. 


our 


Finding an Expert 

My first job was to find a reputable, 
capable and efficient forensic analyst 
to do the work quickly. I called a few 
people I used to work with who had ex- 
pertise in this area. The first person 
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the drive, but he wasn’t skilled enough 
with the Solaris operating system to 
provide an analysis that would prove 
— or disprove — the transfer of our 
company’s source code. The other fel- 
low had the Solaris skills we needed 
but had his hands full indefinitely with 
work related to the Enron Corp. case. 
However, he gave me a reference, and I 
also obtained references from other in- 
formation security professionals and 

found the names of rep- 


phe utable firms through an In- 


ternet search. 

In reviewing the vendors, 
I considered their level of 
expertise (Did they have 
Solaris forensic skills?), 
business viability (Would 
they be around when this 
case goes to trial?) and rep- 
utation (If they had to testi- 
fy, would they be consid- 
ered credible witnesses?). 

The vendors charged 
hourly rates ranging from 
$150 to $400. All charged 
for “nonattended” work — 
the time required for their 
system to create a drive im- 
age — but some charged 
that time at a lower rate. Time esti- 
mates for the project ranged from two 
days to a week. In the end, I chose the 
winning vendor based on its strong 
references. 

It took several days to negotiate a 
statement of work with estimates of the 
project’s cost, time and scope. Part of 
those discussions included clearly de- 
lineating what the forensic analyst 
should look for. Ideally, I wanted them 
to answer the “who, what, where, when, 
why and how” questions related to the 
incident. Of those, “why” usually is the 
most difficult because that’s a question 
best answered by the criminal. But the 
other answers might be gleaned by 
carefully analyzing files, logs and other 
residual data — even data that might 
have been erased but not yet overwrit- 


said he could create a mirror image of | tenon the hard drive. 


@ This week's journal is written by areal security manager, “Mathias Thurman,” whose name and employer have been disguised for obvious reasons. Contact him at mathias_thurman@yahoo.com or go to the Security Manager's Journal forum. 





In our case, all we really needed to 
know was whether our source code had 
been copied or transferred, who did it, 
when they did it, how it was transferred 
or copied and where the files were 
transferred. After reaching an agree- 
ment with the vendor, I signed out the 
evidence — a hard drive stored in a safe 
in our facilities manager’s office — and 
shipped it to the firm’s forensic lab. 


The Assessment 


Forensic specialists use several 
methodologies in a media analysis, but 
they start by creating a mirror image of 
the original disk drive. Once the vendor 
creates the drive image, it can return 
the original drive to the owner for safe- 
keeping. An analyst then extracts the 
mirror image to a clean hard drive be- 
fore beginning the analysis. 

Our analyst sent our original hard 
drive back, along with a second drive 
containing a mirror image. We can use 
this copy if we want a second opinion 
or want to perform an analysis our- 
selves. The image includes an MDS5 
checksum of the image so that it can be 
verified to be an exact copy of the origi- 
nal drive if there’s a question about the 
integrity of the image. 

After about a week, the vendor re- 
turned the results — with some inter- 
esting conclusions. Unfortunately, it 
found no clear evidence that a specific 
individual transferred the files to an- 
other company using file transfer pro- 
tocol. But the vendor did find 
information in one of the shell history 
files that seemed to imply that a trans- 
fer took place. 

The shell, or command processor, 
programs used by Solaris and other 
Unix operating systems typically have a 
history function that lets administra- 
tors execute previously entered com- 
mands without retyping them. The 
shell history file is a text file located in 
each user’s home directory, where it 
provides a clue to what commands a 
given user has executed. The history 
file for the root administrative account 
on our drive showed that someone had 
created a tape archive for one of the 
files in question and had copied it to an 
external medium. However, there 
wasn’t any evidence to show what type 
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MD5 checksum: This algorithm, origi- 
nally designed to create digital signa- 
tures, can also be used to verify that a 
drive image is an exact copy. The 
process creates a unique encrypted 
value, called a message digest, based 
on the number of set bits in a file. Using 
a public key, a forensic analyst can 
compare the decrypted numerical value 
for the drive image to one calculated on 
the original to verify that the copy hasn't 
been altered. For more information, visit 
http://theory.|cs.mit.edu/-rivest/ 
Rivest-MD5. txt. 


LINKS: 


Forensic Analysis Firms 
EvidentData Inc. 

Rancho Cucamonga, Calif. 
www.evidentdata.com/ 


Foundstone Inc. 
Mission Viejo, Calif. 
www.foundstone.com/ 


New Technologies Armor Inc. 
Gresham, Ore. 
www. forensics-intl.com/ 


Do-It-Yourself Tools 

www. fish.com/tct/: The Coroners 
Toolkit is a set of freeware tools for Unix 
forensic media analysis. 


www. forensics-intl.com/thetools. 
html: Saieback, from New Technolo- 
gies, performs “evidence-grade” 
mirrored backups of hard drives. 


www.guidancesoftware.com/ 
html/index.html: EnCase, from Guid- 
ance Software Inc. in Pasadena, Calif., 
is one of the better-known commercial 
disk-analysis tools. 


of media was connected to the Solaris 
server when the archive took place. 
And since many people had access to 
the root account, it was difficult to pin 
the activity on a single individual. 

The next step is to interview poten- 
tial suspects and try to get them to con- 
fess. Fortunately, I can leave that up to 
the lawyers. Could I have done more? I 
welcome readers with ideas and similar 
experiences to join in the Security 
Manager’s Journal forum online. P 

Discuss this week's column and 


Qui catch up on the latest security 


. 
Cc 
I ne developments online at 
q www.computerworld.com/q?q2000 
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Gillette 
Company 
INFORMATION 


TECHNOLOGY 
...- OPPORTUNITIES 


The Gillette Company is the 
world leader in more than 
a dozen consumer product 
categories. Global World Class 
operations are increasingly 
dependent on Information Tech- 
nology. Exciting opportunities 
exist in global business process 
integration initiatives. We are 
currently seeking the following 
highly qualified professionals to 
join the Gillette IT team in the 
Boston area 


The following positions 
commonly require a Bachelor's 
tdegree (or equivalent) in 
Computer Science, MIS 
Business Admin., or similarly 
relevant field, and 3-5 years 
relevant experience 


! Staff Programmer Analysts 


! (SAP) Staff Basis Adminis- 
trators/Con-figuration- 
integration Specialists/ 
Application Developers 


! Data Warehouse Architects/ 
Developers/Database 
Administrators 


! Telecommunications 
Analysts 


Starting salaries range from 
$56,100 to $119,000 per year. 
together with paid vacation 
medical, dental, life and disability 
insurances, and other industry 
competitive benefits. 


Please email resume to 
www.Gillette.Com 


The Gillette Company is an 
equal employment opportunity 
employer 


IT Developer in Charlotte, NC. 
First Union/Wachovia Corp. 
Provide cust. info. tech. solutions, 
advise customers on alternatives 
to target business needs & write 
project reqs., test scripts. Pos. 
will work weekends & holidays. 
also carries pager 24/7 for prod 
problems. Reqs. BS in Comp. 
Science or Eng or its equiv. (any 
suitable combination of educ 

training or exp. is acceptable) & 
2 yrs exp. in the pos. offd. or as 
Business Consit., System Dvip. 
or Software Eng. In lieu of a BA 
and 2 yrs. exp., the employer will 
accept 4 yrs exp. as a Systems 
Dvip. 2 yrs of reqd. exp. must incl. 
asset mgmt. statement system 
proc. working w/ COBOL MVS in 
a mainframe envir. & must incl 
work w/ Easytrieve Plus, JCL & 
VSAM. 1 yr of reqd. exp. must 
incl. exp. analyzing brokerage 
transactions incl. trades, dividends 
& other taxable transactions 
40hrs/wk, $41K- $69K, Send re 
sume & cvr. ltr. to Geri Henderson. 
401 South Tyron Street, NC 
0745, Charlotte, NC 28288-0475. 


F/T Technical Architect. Provide 
technical & architectural solutions 
for the design, development 
& enhancements of company 
products & object oriented 
analysis & design of client appli 
cations using UML. Make rec 
ymmendations re: software. 
hardware, system environments 
& develop capacity plans. Assist 
w/ performance monitoring, trou 
bleshoot technical problems 
& testing working w 
SQL, SQL Server & Oracle data 
bases. Evalu: ents’ business 
requirements & create technica 
Jesign specifications for software 
enhancements, conversion strate 
yies & provide conversion sup 
port. Work Java, Java Beans. 
J ClearCase 
ClearQuest & CORBA. Must have 
Bachelor's degree in CS or 


Swing, Vist 


related fie Foreign degree 


alent accepted. Must have 
n job offered or 
r ar duties. Send 
Betsy Moya, Schlum 
r 701 W. 


300, Miami, FL 


BAAN CONSULTANT 


Analyze & evaluate existing or 
proposed software systems 
Dvip., implement & improve 
programs, systems & related 
procedures to process data 
using in-depth knowledge of the 
systems dvipmt life cycle. Encode, 
test, debug & install operating 
programs & system software 
utilizing knowledge of Baan ERP 
tools and prog. lang. Performs 
functional definition and tech 
realization/customization of Baan 
software. B.S. (or equivalent) in 
Comp. Sci., Math, Engrg., Busi- 
ness or Commerce plus 2 yrs. 
exp. in either job offered or as 
Programmer Analyst, Software 
Engr. or Sys. Analyst rqd. Expe 
rience must include use of Baan 
ERP tools (spec. Baan Manu 
facturing, Baan Distribution and 
Baan Finance). High mobility 
preferred. 40 hrs/wk, 8 am —5 
pm, $70,000/yr. Qualified appli- 
cants report/submit resume to 
Manager, Washington County 
Team PA CareerLink, Millcraft 
Center, Suite 150LL, 90 West 
Chestnut St., Washington, PA 
15301-4517. Refer to Job Order 
No. WEB235003 


Programmers & Software Engi 
neers 

Design, develop, test and imple: 
ment specialized software apps 
using (a) 11S5.0, Clarify, XML 
VB, ASP, C, C++, CDO, MTS, 
SQL Server, Oracle & related 
tools in Sun Solaris/NT/UNIX 
(b) Citrix ASP, IIS, SQL Server 
DB2, Oracle/related tools, VB, 
ASP, Pro*C, Web methods, Citrix 
XPS, XML in Sun Solaris NT, 
2000; (c) Clarify, Clarity modules 
& tools-CB Exchange, DDE 
UIE, Clear Basic, VB, Unix Shell 
Scripts in Oracle/related tools. 
SQL Server, reporting tools in 
Sun Solaris/NT/2000; (d) Web 
Logic, XML, EJB, JDBC, Java 
Serviets, Cold Fusion, C, C++ 
Pro*C, Oracle, Sybase, SQL 
Server and related tools, Utilities 
in RS 6000, Solaris, NT/2000. 
Consulting positions requiring 
extended travel. Prevailing wage’ 
benefits. Send resume to Dale 
Blake, GPTS, 3250 Peachtree 
Industrial Bivd., Suite 203, Duluth, 
GA 30096. EOE 


Onsite Companies, Inc. has mul- 
tiple openings for Engineering 
Programmer - convert engineering 
problem formulations to format 
processable by computer; resolve 
symbolic formulations, prepare 
flow charts and block diagrams 
and encode resultant equations 
for processing by applying 
principles of engineering; confer 
with other engineering and 
technical personnel to resolve 
problems of intent, inaccuracy, or 
feasibility of computer processing; 
and enter program into computer 
system; and use any one (1) or 
more of the following” |-DEAS 
and/or Algor FEA. Req's. Bach's 
in CS, Systems Analysts, CIS. 
MIS, Business Admin, Comp 
Applications, Comp. Engg 
Electrical Engg., Electronic 
Engg., Mech Engg., Civil Engg 
Industrial Engg industrial 
Management & Technology 
Physics, Statistics or Math or its 
edu. equiv. Attn: G8102 
systems, inc. has multipie 
ypenings for Programmer Analyst 
Analyze, design, develop, test 
and implement computer appli 
ations using one (1) or more of 
the following: Visual Basic, Crystal 
Reports, Oracle, Windows NT 
lS, ColdFusion avaScript 
HTML, DHTML and/or MS Access 
Req's. Bach's in CS, Systems 
Analysis, CIS, MIS, information 
Systems, Comp. Applications 
Comp. Engg., Electrical Engg 
Electronic Engg., Mech Engg. 
Physics, Statistics or Math or its 
foreign edu. equiv. Attn: G62802 
Frequent relocation may be 
necessary. Send resume to J. 
Brigham, 6992 Columbia Gateway 
Dr., Columbia, MD 21046 


BRON Veh ie 


Database Analyst/Dvip. in 
Charlotte, NC, Wachovia Corp. 
Resp. for dvip. & support of the 
NightlyBox batch appl. & LOGOS 
report appl. for the Trade Oper 
Group. Reqs. BA in Comp. 
Science or rel. disc. & 2 yrs. exp. 
in pos. offd. or as Software Cons. 
or System Analyst. The 2 yrs of 
reqd. exp. must incl. new appl 
dvip. in batch & online envir. 

conversion of specs. into program 
code, testing & prod. implemen- 
tation. 1 yr of reqd. exp. must inci. 
work using rel. databases in Unix 
env., SQL prog., bulk data load 
utilities, Unix scripting lang. & 
AutoSys job sched. tool. 40hrs/ 
wk, $67K-$90K, Send resume & 
evr. ltr. to Sabrina Miller, 301 
South Tyron Street, NC 0953. 
Charlotte, NC 28288-0953 


SR. BASIS ENGINEER (SAP) 
to analyze, design, develop and 
implement customized software 
specifically for SAP R/3; Plan 
and execute installations, up- 

fades and system patches ina 

AP R/3 environment; Perform 
system monitoring, database 
admin., administration of change 
mgt, client mgt. and system se- 
curity; Provide support for inter- 
faces and ABAP programming 
environments; Perform duties 
using SAP Basis and Oracle 
on Windows NT and UNIX plat 
forms. Req: Bach. deg. (or foreign 
equiv.) in Comp. Sci./Engg, or a 
closely related field, with 4 yrs 
exp. in the job offered or as a 
SAP BASIS Consit. or BASIS 
Engg/Architect. Prior exp. must 
include 3 yrs. using SAP 
BASIS. Competitive salary and 
benefits. Send resume to: Pieter 
Badenhorst, Texperts, Inc., 7740 
Roswell Rd., Suite 600E 
Atlanta, GA 30350 


Manufacturing Software Engineer 
Owing Mills, MD. Assist Smart 
card eng. mgr, to design/develop 
software to interface custom 
machines and to manage, move 
and manipuiate data files. interface 
with international team. Direct 
factory support is required. Req. 
B.S. in CS or EE and working 
knowledge, through academic 
coursework or experience, of 
HMI, VB6, SQL, NT Server and 
Oracle 7/8. Salary: $53-55K/yr 
DOE. Resume to: Gaye Sauer. 
SchiumbergerSema, 9800 Reis- 
terstown Rd., Owing Mills, MD 
21117 


Software Engineer wanted by 
information Technology Co in 
Piscataway, NJ. Must have 
Master's Degree or Equivalent in 
Comp Sci, Math or Electrical 
Engg & 2 yr exp. Respond to 
Samsung SDS America, Inc 
15 Corporate Place South. 
Piscataway, NJ 08854. Fax 
732-465-4406. 


Synergy America, inc has 
multiple openings available for 
Prog/Sys Anal, S/W Engineers 
DBAs and Sys Admin to design 
develop applications in some of 
the following areas: VB, VC++ 
Cobol, SQL, Java, HTML, Oracle. 
Informix, Sybase, Internet and 
wireless technologies, Windows 
UNIX. All positions req BS/MS or 
foreign equiv in Comp Sci, Sci 
ence, Engg or Business. Combi: 
nation of edu and exp will be 
acceptec Highly competitive 
salaries & benefits. Travel 
relocation req. Resumes to: HR. 
1565 Woodington Circle, Suite 
101, Lawrenceville, GA 30044 


Software Engineer to analyze, 
design, develop, test and imple- 
ment Infranet Billing System and 
mission critical development 
projects using C, Oracle, Visual 
Basic, SQL Server etc; maintain 
and support client/server, internet/ 
intranet apps using Java 
HTML, JavaScript, JSP and Java 
Serviets; perform requirements 
analysis, problem analysis, solu- 
tion design, implementation and 
documentation on developed 
applications; perform debugging 
and modifications on existing 
software. Require: M.S. or for- 
eign equiv in CS/Engineering 
(any branch) or related field 
with 1-year exp. in the job 
offered. Competitive salary. Travel 
required. Resumes to, Intercall 
inc, Attn: Bala — Director, 1718 
Peachtree Street, NW, STE 554 
Atlanta, GA 30309 


Network Administrator (Atlanta 
GA): Install, configure & support 
Cisco routers. Support & monitor 
organization's Local Area Network 
(LAN), Wide area network (WAN) 
& Voice over IP network using 
Netcool SNMP NMS. Maintain 
Network hardware & software. 
Maintain & ensure network 
availability to all system users 
Monitor & test DS1 & DS3 
circuits w/ local LECs for data & 
voice communication; Monitor 
overall SS7 network using INET 
iRemote software. Req. Bachelor's 
in C.S., C. Engg or other closely 
related field + 2yr. exp. in job 
offered. Resume to: HR Dept; job 
code DBCW0405 Cbeyond 
Communications, 320 Interstate 
North Pkwy, S.E., Ste 300, 
Atlanta, GA 30339 


Software Engineer needed 
w/exp to design & customize 
GEMMS & Oracle Fin. applic 
perform DBA operations & client 
server database applications 
using Oracle*FORMS, PL/SQL 
C/C++, PRO*C, Perl, CGI 
scripts, GEMMS APIs, Oracle 
RDBMS, Unix, Linux & Windows 
environment. Send resumes to 
NFE Technologies, Inc., 250 
Dominion Dr., Morrisville, NC 
27560 


Senior Consultant: Design, dev. 
test & implement apps using C. 
C++, Java, VB, Oracle, Unix 
JSP, Java Script, AutoCAD & 
ANSYS. Dev. optimization 
tools/scripts & Intra-net web 
pages to support devmt. Req'd 
MS in Comp. Sci. or Engineering 
+ 3 yrs. exp. in similar duties 
Apply w/covitr/res to: President 
Gadiraju Technologies, Inc., 138 
Ketcham Road, Bellemead, NJ 
08824 


PROGRAMMER SENIOR 
sought by NJ based Securities 
Dealer. Must possess Master's 
Degree or equivalent in Engi 
neering/Telecommunications 

directly related field and 2 years 
exp. in software/systems devel 
ypment and design. Respond t 

Human Resources Department 
Knight Trading Group, Inc., 525 
Washington Bivd., Jersey City 


NJ 07310 


Programmer/Analyst / 
Software Engineer 
Software Art Corp., a software- 
consulting firm, requires soft- 
ware professionals with demon- 
strated hands-on experience in 
the following 
Client Server: PowerBuilder/C++/ 
Oracie/Sybase/Windows/Unix 
DBA: Oracle/Sybase 
Mainframe: COBOL/CICS/DB2 
Internet Computing: JAVA/ 
CORBA/XML, JAVA Websphere/ 
Weblogic, SAS Programmer 
QA Testers, Manugistics 
IT Project Leader 
Send resume to 
Software Art Corporation 
2304 Brunswick Ave, 
Lawrenceville NJ 08648 
609-394-8001 
hr@softwareart.com 
or 
27 Water Street 
Wakefield MA. 01880 
www.softwareart.com 
nicky @ softwareart.com 


Programmer Analyst, Sr.- 
Responsible for programming in 
data warehousing, including 
extracting, transforming loading 
& reporting. Perform ERP systems 
& SQL UNIX scripting to automate 
different processes. Must have 
Masters degree in Computer 
Science, Physics or Engineering 
or Bachelors degree in Computer 
Science, Physics or Engineering 
plus 2 yrs experience. Please fax 
resumes to MECA Recruiting 
201-392-6007 


Software Engineers & Program 
mers. “Web enable" legacy 
applications to facilitate EDI 
e-commerce and communication 
using ADABAS, Cobol, VB. 
FANTM, ION, VPN, ADA-SQL 
ASP, Oracle and related tools 
Prevailing wage & benefits 
HR, Spark Technologies, 7001 
Peachtree Industrial Bivd., Suite 
446, Norcross, GA 30092. EOE 


Sr. Systems Analyst for NJ 
based Co. Must have a 
Bachelor's degree in Comp 
Sc., Engg., 5 yrs of exp in job 
duties or Comp. S/W dev. and/or 
consulting and prof. with RDBMS 
(e.g. Oracle, SQL Server), Java 
VC++, VB, JSP, XML, Unix 
TCP/IP. Respond to: HR Dept 
Digital Arts, Inc., 119 Cherry Hill 
Road, Parsippany, NJ 07054 
(Ref: GG8150IM). No phone 


Product Marketing Mgr -Latir 
America wanted for manufacturer 
& Periphera 


& attend 


quirement, proced 

lems, improve existing systerr 
& promote/market products & 
services. Bachelor Degree or 
Foreign Degree Equiv.in Systems 
Engineering & 4 yrs of experi 
ence in job offered. Send resume 
to: Carlos Jimenez, ACER Latin 
America Inc. 1701 NW 87 Ave 


Miami, Fl. 33172 
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OLAP Database Administration 
Manager sought by NJ based 
Securities Dealer. Must possess 
Bachelor's or equivalent in Elec- 
tronics or Computer Engineering 
and 5 years exp. in software/ 
systems development and design. 
Respond to: Human Resources 
Department, Knight Trading 
Group, inc., 525 Washington 
Bivd., Jersey City, NJ 07310. 


PeopleSoft Tech Support Analyst 
wanted by Multinational Ad 
Agency in Manh. Analyze 
customize, implement & trou- 
bleshoot PeopleSoft software; 
provide support for software 
applications. BS in Comp & 
Engineering & 2 yrs exp in job 
offered req. Respond to: RP/HR 
Dept, PO Box 4241, GCS, NY. 
NY 10163. 


XML Systems Analysts needed 
to dsgn, dvip, test, maintain XSD 
code from reqmts documents as 
UML diagrams. Up to 10% travel 
reqd for conferences/meetings. 
Apply to HR Director, UCC, 1009 
Lenox Dr, Lawrenceville, NJ 
08648 


IT Consulting Co. specializing 
in software engineering and 
systems integration is looking for 
programmers/analysts for its 
Chicago, IL operations. Ideal 
candidates shall have degrees in 
Computer Science, Electrical 
Engineering or related field 
Please mail resume to: H.R 
Dept., Trigent Software, Inc. at 
11 Main St., Southborough, MA 


01772. No calls please. EOE 


Systems Analyst sought by 
Manufacturer of Institutional 
Linen in Baltimore, MD. Must 
have Bach in Comp Sci., Engg or 
equiv and one yr relevant exp 
Respond to: HR Dept, Intralin 
Corp., 2200 Winchester Street 


Baltimore, MD 21216 


Call your 
ITcareers Sales 
Representative 
yr Janis Crowley 


1-800-762-2977 
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Manager, iT Product Marketing 
& Support-Latin America wanted 
for Manufacturer of PC & 
Peripheral Product to manage & 
oversee !T product marketing 
& system support for Latin 
American market. Bachelor 
Degree or Foreign Degree 
Equiv.in Electronics Engineering 
& 4 yrs of exp. as Mgr. Engineering 
Dept. for International Computer 
Company. Send resume to 
Carlos Jimenez, ACER Latin 
America Inc. 1701 NW 87 Ave 
Miami, Fl. 33172. 


Software Engineers/Software 
Consultants/Programmer Ana 
lysts/Systems Administrators (all 
multiple positions) sought by 
computer s/w consultancy firm in 
North Brunswick, N.J. Must have 
Bach in Comp Sci., Engg or 
equiv and one yr relevant exp. 
Respond to: HR Dept, B2B 
Technologies, Inc., 201 North 
Center Drive, North Brunswick 


Nu 08902 


Systems Analyst wanted by NJ 
based Co for job loc throughout 
the US. Must have Bachelor's 
degree in Comp. Sc. or Engg., 3 
yrs. of s/ware exp. & proficiency 
with VB, ASP, XML, SQL Server. 
Respond to: Netcom Systems. 
Inc., 200 Metroplex Dr., 3rd ft 

Edison, NJ 08817. (Ref. GG 
8183). No phone calls 


Sr. Systems Analyst wanted by 
NJ based Co for job loc through- 
out the US. Must have Master's 
degree in Comp. Sc. or Engg., 3 
yrs. of s/ware exp. (for Wireless 
Communication) & proficiency 
with Bluetooth, UPnP, WAP, JINI 
& JDBC Driver, C++, JAVA & 
Visual Basic. Respond to: Atinav, 
Inc., 100 Franklin Sq. Dr., Ste 
#304, Somerset, NJ 08873. (Ref. 
GG 8073). No phone calls. 


Need Sr Software Engineer to 
manage teams to design/develop 
client server/internet appis using 
HTML, XML, JavaScript, ASP. 
VB, Oracle, SQL, etc under Unix 
& Windows OS; lead teams in 
testing large, complex S/W appis 
to automate business processes 
using various testing tools; interact 
with end clients and evaluate 
team members. Require MS in 
CS or Engineering (any branch) 
with 3 yrs exp or a BS or foreign 
equiv in any of the above with 5 
yrs of relevant progressive expe- 
rience in IT. Highly competitive 
salary. 60% traveling involved 
Send resume to: InfoSmart Tech 
nologies, Inc. 385 Leatherman 
Ct. Alpharetta, GA 30005 


A new millenium, a 


|B Renae 


Ordusion Technologies, Inc 
Atlanta, has immediate multiple 
openings for experience Pro: 
grammer/Analysts, S/W Engineers 
and DBAs in the following: VB. 
VC++, JAVA, HTML, ASP. 
Informix, Oracle, Sybase, CRM 
financials/other commercial soft 
ware packages, web/wireless. 
nternet technologies, Systems, 
DB administration etc. BS/MS 
degree (or foreign equiv) required. 
Highly competitive salaries, travel 
relocation required. Send resumes 
to 3883 Rogers Bridge Road 
Suite 504, Duluth, GA 30097 


Quantitative Business Analyst 
sought by NJ based Securities 
Dealer. Must possess Master's 
degree or equivalent in Computer 
Information Technology or directly 
related field and 2 years exp 
in software/systems development 
and design. Respond to: Human 
Resources Department, Knight 
Trading Group, Inc., 525 Wash 
ington Bivd., Jersey City, NJ 


07310. 


Wireless sftwr engr with exp in 
embedded Systems and RDBMS. 
Req: MS in Comp Sci or rel fid 
with 2+yrs exp in design/deve' 

opment embedded wireless 
software using eVC++, eVB, ATL 
COM, ADOCE, and CDPD 
extensive knowledge of WinCE 
and Pocket PC, RTOS, network 
com protocois, and device inter 
facing technology. Please send 
reusme to HR, Advanced Digital 
Data, Inc., 6 Laurel Drive 
Flanders, NJ 07836. 


Computer Professionals needed 
w/exp in performing database 
administration using Oracle 
Applications (ERP) 

operating system, Developer 
2000, Designer 2000, PL/SQL 
SQL*Loader, SQL*Plus, Pro*C 
Oracle Discoverer. Support & 
conversion of Unix based Paybill 
Application to Oracle Applications 
Apply to: Select Appt. North 
America, 60 Harvard Mills 


Square, Wakefield, MA 01880 


Oracle Developer for NJ based 
Organization. Must have a 
Bachelor's degree in Comp. Sc 
Engg., 3 yrs of exp in job duties 
or Comp. S/W dev. and/or 
consulting and proficiency ir 
Oracle and its tools. Respond to 
Mr. Jose Montanez, MIS Dept 
Operating Enginee 

825 Apprentice Training 
Retraining Fund, 65 Springfield 
Ave., Springfield, NJ 07081 
(Ref: GG8133IM) No phone 


Calis. 


Call Janis_Crowley at 1-800-762-2977 


AVM Ebates 


PROGRAMMER ANALYST. 
SOFTWARE ENGINEERS 
Saitech Corp, located in Jeffer- 
son City, MO is currently seeking 
individuals to design and ana 
lyze programming applications 
using COOL:GEN/EF; Develop, 
test and maintain applications 
using Cobol and DB2. Experience 
in Child Support systems is 
a plus. Requires MS/BS or 
equivalent and/or relevant work 
experience. Part of the relevant 
experience would include one 
year using COOL:GEN/IEF and 
DB2. Mail resume, transcripts. 
referen and salary require 
ments to Saitech Corp., 1200 
Duane Swift Pkwy., #A5, Jefferson 
City, MO 65109 


Senior Systems Engineer needed 
to investigate and resolve com: 
puter software problems of 
end-users. Will be abie to trace 
source of errors, such as SAP 
software configuration, hardware 
configuration or web-server 
configuration. Requirements: 
BE in computer science, elec 
tronics or information technology 
along with significant experience 
in the job offered or demonstrated 
experience providing high-level 
nical support. Send re 
S to Human Resources at 
(713) 952-9877 


Geoscience Programmers wanted 
to develop & enhance geo- 
science software using C++ & 
MFC, specifically applies to 
seismic data interpretation & 
modeling. Multiple positions. 
Master Degree in Science/Engi 
neering & 1 yr programming or 
related exp. Send resume to 
Seismic Micro-Technology, Inc 

8584 Katy Freeway, Suite 400 


Houston, TX 77024 


IL Wholesaler of Jeweiry seeks 
Web Design Analyst to develop. 
design and oversee the operation 
of the system; research and 
analyze Web sites; confer with 
management to plan content 
security; use research analysis 
to build prototypes; test system 
select software codes and 
maintain system/troubleshoot 
Bachelor's Degree in Electronics 
Engineering or equiv based on a 
cred. eval. Min exp. req. 3 
months in job or job-related 
Exp. must include use of Oracie 
Java & Windows NT. Travel re- 
quired. Resumes to GM Raju 
Jewelers USA, Inc., 330 E. Roo- 
sevelt Rd., Ste. 2G. Lombard, IL 
60148. No Calis. EOE 


Database Developer sought by 
NJ based Securities Dealer 
Must possess Master's Degree 
or equivalent in Information 

ystems Technology or directly 
related field and 2 years exp. in 
software/systems development 
and design. Respond to: Human 
Resources Department, Knight 
Trading Group, Inc., 525 Wash- 
ington Bivd., Jersey City, NJ 
07310. 


Biers ae 


ale 


Engineers 

Chiet Architect to oversee product 
development, optimization and 
marketing of XML & Java-based 
enterprise software. Requires 
2 years of mgmt-leve!l exp. in 
fuli-cycle development using 
XPath, JCA, & JTA Transaction 
Managers technologies for dis: 
tributed enterprise software. 
Vice President, Engineering to 
manage the development of 
enterprise software for business 
process mgmt, workflow mgmt. 
web interface and application 
servers. Requires 4 years of 
mgmt-level exp. in full-cycle 
development using J2EE Trans: 
action Managers technologies. 
developing distributed workflow 
mgmt systems in Java, & devel- 
oping XML frameworks for 
web-based user interfaces. 

IT Manager in charge of network 
strategy and security. Requires 2 
years of exp. in network security 
mgmt. using IP filtering (high-level 
firewalling), TCP/IP encryption 
and security, and BSD sockets. 
All positions require Bachelor's 
degree (or equivalent work ex 
perience) in Engineering, Com 
puter Science, Mathemati > 
a related field 

Send resume to: Humar 
Resources, Intalio, inc., 1900 S 
Norfolk St., Suite 290, San 
Mateo, CA 94403. 


Sr. Software Engineer. Respon 
sible for designing, implementing 
& developing components for 
company's manufacturing prod: 
ucts. Analyze high-level product 
specifications & detail design 
documentation & procedures 
for application development & 
architecture specifications in 
client-server environment using 
Visual C++, C++, UNIX/NT 
Java/VB Script, Oracie/SQL 
database, MFC configuration 
management, COM/DCOM 
COM++, COBRA ORB technolo 
gy. Must have Bachelor's degree 
nm Computer Science, Electrical 
Electronic Engineering or related 
field. Foreign degree equivalent 
accepted. Must have 5 yrs. exp. 
in job offered or position w/same 
duties. Salary: $92,975. Send 
resume to Jim Pearce, THRU-PUT 
CORPORATION, 2099 Gateway 
Place, Suite 240, San Jose, CA 
95110 


Programmer Analyst 
Design/implement healthcare 
apps with VB 5.0/6.0/NET, Access 
97/2000. Com, Dcom, SQL 
Server 2000, Crystal Reports 
and health care processes in 
cluding patient admission, state. 
federal mds, case mix, care 
planning, physician order 

tion control, security system 
payor source/payor plans, me 
medical device apps, healthcare 
billing/accounting and medical 
data sharing systems with 3rd 
parties, and communication 
apps for health care workers. 
Prevailing wage. BS Comp. Sc 
(or foreign equiv.) with 2 yrs exp. 
including 1 yr. exp. in developing 
above specified applications 
using above tools. Respond to 
Geoff Marsh, Horizon Healthcare 
Technologies, 12101 Woodcrest 
Executive Drive, Suite 201, St 
Louis, MO-63141. EOE 


Programmer Analyst 

Web enabie” mainframe apps. 
to facilitate EDI using Web 
sphere, Cold Fusion, ASP. 
Apache & related Web Servers. 
Cobol, DB2, CICS, VB, C, Java & 
related tools, Oracle, SQL Serv 
er, CSS, XML and XSL and 
Peregrine. Employer is a consult- 
ing company and position re 
quires travel Prevailing 
wage/benefit. Respond to: Atten- 
tion: Guy New, Jolig Consuiting 
Inc., 1311 Buckingham Place 
Richardson, TX 75081. EOE 


Computerworld + InfoWorld + Network World + April 8, 2002 


Senior Software Engineer sought 
by home satellite design & man 
ufacturing company in Littleton 
CO to work in Littleton & other 
unanticipated job sites in the US 
At a senior level, engage in fu 
lite-cycle software development 
of applications which manage 
internal processes. The software 
applications are developed in a 
client/server platform & incorpc 
rate relational database man 
agement systems, especially 
Oracle; they run on UNIX & Win 
dows NT operating systems. 
Analyze requirements & 
designs. Code, test, debuc 
enhance the software a a 
tions. Complete implementation 
of the applications & provide 
ubsequent user support & trou 
bleshooting. Prepare related 
documentation. Use program 
ming languages C, Pro & 
PL/SQL;& a variety of tools 
including Developer 2000, Oracle 
HR applications,& SQL Loader 
n the design & development 
process. Requires Master's or 
equivalent-specificaily, a master's 
degree or foreign equivaient in 
computer science or related fieid 
plus three years of progressive 
experience in developing soft 
ware applications in a client 
server environment, or a bache 
lor's degree or foreign equivalent 
in computer scien plated 
ield plus five of progres. 
sive experience in developing 
software applications in a client 
server environment, Working 
knowledge of Oracle Relational 
Database Management Systems 
Developer 2000 & PL/SQL. 8am: 
5pm, M-F; $73,235/year; Re 
spond by resume to James 
Shimada, Colorado Department 
of Labor & Employment, Em 
ployment & Ti ing Division 
Tower I!, #400,1515 Arapahoe 
Denver, CO 80202,& refer to Job 
Order Number CO5014400 


Software Development Engineer 
sought by company in Louisville 
CO to work in Brooklyn Park, MN 
& other unanticipated job sites 
n the US. For a company that 
manufactures and distributes 
omputer storage devices, par 
cipate in full life-cycle software 
development, focusing on the 
Jesign and development of soft 
ware applications for a systems 
health monitoring software pack 
age. Using Shiaer-Mellor graph 
cal OOA/OOD methodology 
UNIX and C++, design and 
Jevelop software that monitors 
the overall health of a multi 
processor computer system 
Analyze and define the require 
ments for a particu’ ware 
application or product, then 
create designs and design doc 
umentation for the software and 
ater code, test and debug the 
ticular software application 
Develop methodologies for the 
storage and management of 
using DCS (data collection 
service domain). Requires Bach- 
elor's in comp. sci. or comp. eng 
2 yrs. as a software engineer in 
the data storage industry; Work- 
ng knowledge of DCS, C++ and 
UNIX (working knowledge may 
gained through employment 
perience or in an academic 
gram). 8am-5pm, M-F 
1,455/yr. Respond by resume 
James Shimada, Colorado 
Department of Labor & Employ 
ment, Employment & Training 
Division, Tower |i, #400 
Arapahoe, Denver, CO 80202, & 
refer to Job Order Number 
CO5015209. 


Venturi seeks IS Admin. for 
Kirkland office. DESC: Dsor 
mpi, & admin. RDBMS & rei. c/s 
& middieware apps. util. SQL, C 
Java, SGML/XML, Perl, PHP. & 
Unix Shell. Prov. TCP/IP netwk 
admin. & sup. Dsgn & impl. LAN 
& WAN. Prov. UNIX sys. admin 
sup, & rel. s/w dev. Prov. internet 
& sys. security util. firewall 
encryption, & authentication 
techs. REQ: BS in Engr, CS. 
Math, or Phys. + 2 yrs. exp. in 
duties listed above. Prem. sal + 
benes. Pls. reply to J. King, Job 
#CCL-88, 11255 Kirkland Way, 
Kirkland, WA 98033. 





Emergys Corporation. We are 
a company specializing in ERP. 
E-Business, Client-Server and 
Internet Applications with over 
40 employees. The corporate 
headquarters are located in 
Chapel Hill, North Carolina and 
a branch office in iL. We are 
looking for top-notch computer 
professionals with consulting ex 
perience in the following areas or 
a combination thereof 


* SAP--SAP R/2 & R/3 Functional 
and Technical Consuitants in 
Fl, CO, FI-TR, Fl-Planning, & 
HRSD, MM, PP, PP-PI, AM, PM 
& PS, BASIS, SAP-EDI, ALE 
BW, WorkFlow, BAPI 

* RDBMS--Oracle, Sybase, In 
formix, MS- SQL Server 

* Tools & O/S--Designer 2000 
Developer 2000, Oracle Case 
PL/SQL, SQL Plus, SQL “Loader 
SQL*Reports, SOL*Forms, SQL 
“DBA, Sybase SQL, Sybase 
DBA, T-SQL, DB-Lib, CT-Lit 
PowerBuilder, UNIX, AIX, SCO, 
SCCS, SVR, Sun Sparc, Sun 
Solaris, Windows NT, SQR 
MQ Series 

* Groupware--Lotus Notes 4.X 
R5, Domino Server, Lotus Script 
Lotus Pump, MS Exchange 5.5 

* RDBMS Applications--Financial. 
Manufacturing, Distribution 
HRMS, AOL & exp. in Business 
Area 

*Internet Applications--Visual 
Basic, ActiveX, COM/DCOM 
ASP. VB Script, Visual J++, Vi 
sual C++, Oracle Web Server 
Visual Café, MFC, MTS, Java 
JSP, Java Script, Java Beans. 
JDBC, JFC, CORBA, HTML 
DHTML, Perl, Prolog, LISP. 

*E-Commerce--ARIBA, Web 
sphere, Commerceone, MS-Site 
Server, !BM Net Commerce 
Domino- Action, Merchant 
XML 


Requirement: Bachelor's or 
Master's degree in Computer 
Science, Engineering, Mathemat 
ics, Technology, Management 
Information Systems or Business 
Administration with 1 to 5 years 
experience in the field. Must be 
willing to travel to client sites 
throughout United States. We 
offer competitive salaries and 
benefits. Please mail, e-mail or 
fax resumes to Emergys Corpc 

ration, 6340 Quadrangle Drive 
#360, Chapel Hill, NC 27517 
Fax (919) 408 3384. Email 
recruit @ emergys.com 


SENIOR SOFTWARE ENGI 
NEER to lead a team in the 
design, development, testing, 
implementatio: nd mainte 
nance of Informix based appl 
ation software in a client/server 
environment using Fourgen and 
Fourgen case tools, Informix 
4GL, Visual Basic, C, Power 
Builder, SQL, Sybase, Oracle 
and UNIX Shell Scripting for 
Process automation under SCO 
UNIX and Linux operating sys 
tems; Provide technical support 
to end users. Require: B.S. in 
Computer Science, Computer 
Information Systems, or a close 
ly related field with five years of 
experience in the job offered 
or as a Programmer/Systems 
Analyst. Extensive travel on as. 
signment tc 
within the U.S. is required. Com 
petitive salary offered. Apply by 
resume to: Eduardo Santos, VP 


chent sites 


of Operations, Noble Systems 
Corporation, 4151 Ashford 
Dunwoody Road, Suite 550 
Atlanta, GA 30319; Attn: Job CR 


J for the following 
fices in Houston 
sco, CA, Warren 

NJ, Portland, OR and Salt Lake 
UT. Programmer Analysts. 
Technical Architects, Graphic 
Designers, Business Strategists. 
Systems Analysts, Software 
Engineers. Resumes by email or 
fax only to HR, SBI, 2825 East 
Cottonwood Parkway, Suite 480 
Salt Lake City, UT, 84121 
careers @ sbiandcompany.com 


Fax (801) 733-3201 


COMPUTER/IT 

Business Warehouse Consultant 
(web development engineering) 
(Troy, Michigan). Requires a 
Bachelor's degree or equivalent 
foreign education in engineering 
computer science, or business 
administration, and 3 years 
experience in the job offered or 
3 years’ experience in data ware- 
housing software development 
and design utilizing SAP R/3 
data structure and internet 
browser development standards. 
All stated experience must include 
work with dynamic database 
web publishing and interactive 
report design using Bex queries 
and analyzer, SAP Table Interface 
Class Methods, and ABAP/4 
One year of stated experience 
must include SAP Business 
Intormation Warehouse deve! 
opment. Engage in data ware 
housing software development 
and design utilizing SAP R/3 
data structure and internet 
browser development standards. 
specifically in connection with 
SAP Business Information Ware- 
house development. Engage in 
dynamic database web publishing 
and interactive report design 
using Bex queries and analyzer 
SAP Table Interface Class Meth 
ods, and ABAP/4. 40 hrs./wk 
8:00-5:00. Apply with resume to 
Jennifer McKenzie, Delphi Auto 
motive stems Corp., 1450 W. 
Long Lake Road, Troy, Michigan 
48098 


COMPUTER/IT 

Senior Software Engineer. Req 
a Master's degree in Comp. Sci 

Eng., or Info. Sci. & 2 yrs. exp. in 
the job offered or 2 yrs. exp. in 
object-oriented analysis, design 
testing & implementation. All of 
exp. must incl. use of Java 
Weblogic, & J2EE; design & 
development of computer training 
simulations; & relational database 
design & application in a software 
development life cycle. (Exp 

may be gained prior to completion 
of Master's degree.) Research 
design & develop advanced 
network & internet related e 
learning software programs in a 
unified style software develop. 
life cycle. Engage in analyzing 
developing, programming, de 
bi Ng, testing & implementing 
web-based software projects for 
web-sites using object-oriented 
programming & develop. tools. 
including C++, Java, Weblogic 

J2EE, & relational database 
design schema & applic. in a 
software development life cycle 
Design & develop computer 
training simulations & build 
proprietary software tools for 
commercial & in-house use. 40 
hrs./wk Send resume to 
SmartForce, 16100 N. Greenway 
Hayden Loop, Suite 800. 
Scottsdale, AZ 85260, Attr 


Linda Law 


Data arehouse Architect ir 

RTP, NC. Appl. dsgn. analysis 

devipmt & implement. of core 

operational Data Warehousing 
tech. for pharmaceutical ops 

Provide mgmt. vi. eval., plan and 
appl. for data warehousing prod: 

ucts & svcs. Serve as design & 
program consultant working with 
all levels of IT staff on existing 
and planned data warehouse 
DBMSs objects & appl./access 
layer. Ensure compliance with 
global and local IT standards 
audit compliance & best prac 

tices. Utilize adv. skills in Oracie 
8 Dbase technology and progm 
lang. like Pro*C, C, PL/SQL 

SOR, BRIO & prof. in UNIX ops 
sys. Req. Master's (or frgn 
equiv Comp. Sci. or related 
field with 2 yrs. exp in same pos. 
or in comp. sys. desgn & develop 
Exp. (may be obtained concur 

rently) must incl. the following 
1 yr. exp. with VLDBs in high 
performance data warehouse 
processing techniques, 2 yrs. 
exp. with Oracle Dbase techno! 
ogy using Pro*C, C, PL/SOL & 
SOR, & 2 yrs. exp. with UNIX 
ops. sys. 37.5 h/w. Send resume 
to: GlaxoSmithKline, c/o CW408. 
SthE2428D, PO Box 13398. 
Research Triangle Park, NC 
27709-3398. EOE 


IT CAREERS 


Vice President of 
Research & 
Development 


Forward resume to: 
e4eNet, 

Attn: Michele Monast, 
300 Crown Colony Drive, 
Quincy, MA 02169; 

Fax: 617-376-8825; 
E-mail: jobs@e4enet.com 


www.e4enet.com 


SVI AMERICA CORP. is an in 
formation management & tec! 
nology consulting company with 
offices throughout the US. We 
work with many organizations to 
develop integrated solutions that 
transform their enterprises. By 
understanding the key compo 
nents that drive an organization, 
we are providing tangible results 
& acompetitive advantage to our 
clients. 


SVI America Corp. presently 
requires Systems Programmer 

Analyst with the following quali 
fications: Bachelor's degree in a 
Math, Science, or Eng'g related 
discipline and 4 yrs exp in job 
offered and working experience 


with CICS & COBOL 


Demonstrate ability to: Provide 
production support to client's 
computer appl'ns; review and 
approve computer packages 
prior to implementation into 
production; perform systems 
integration, testing and imple 
mentation; provide regular feed. 
back & status reports to client's 
executives & IT specialists 
organize teams of programmers 
for the appl!'ns being handled 
coordinate with onsite product & 
business experts & /or users in 
the U.S. & abroad & offshore prc 
grammers and discuss activities. 
problems, and solutions; function 
as test coordinator for all appli 
cations during system or utilities 
upgrade; perform tasks using the 
following languages/software 
COBOL, CICS, JCL, CA-7, SQL 
Change Man, Extra Personal 
Client, Tivoli, PCAnywhere, Visual 
Foxpro, Foxpro, Visual Source 
Safe, Microfocus Cobol, Paybase 
16, Paybase 32, Remedy, Leect 
FTP, ESSBASE, A3 Vision, & 
Windows NT . In addition, suc 
cessful candidates must be willing 
to temporarily relocate to client 
sites throughout the U.S 


To apply, please contact 

HR Dept 

SVi America Corp 

15800 John J. Delaney Dr 
Suite 250, Charlotte, NC 2! 

or E-mail: hr_ admin @sviamerica 
com 


Sr. Applications Developer 
Must have exp w/ActiveX, ADO. 
Visual C++, SQL, FIX, ATL/STL 
Sockets, Rational Rose & SAD. 
BS in CS, Electronics, Math 
Eng’g or related discipline & 3 
yrs related ex, 


Software Engineer - Must have 
exp w/Visual C++, PeriBuilder 
VBScript, JavaScript, iS, SQL 
Server & Windows NT. MS CS 
Math or Eng’g & 2vrs related 
e 


Sr. Network Engineer - Must 
have exp w/PIX firewall, WEB. 
FTP, routers & switches, TCP/IP. 
Ethernet, Windows NT & 2000. 
RSA Authentication & VPN. BS 
CS, Math or Eng'g & 2 yrs. related 
exp. 


Send resume to: ITT, 120 B'way, 
34th Fl., NY, NY 10271. Attn 
Naomi 


Computerworld « 


Senior Business Consultant 


Carrier Corporation, an HVAC 
manufacturing company, has an 
immediate opening in Syracuse. 
New York for a Senior Business 
Consultant 


Design, develop and maintain 
custom Lotus Notes/Domino 
applications and perform related 
support services in both Notes 
and browser client environments 


Must possess at least a bachelor's 
degree or its equivalent in Com 
puter Science or a related field 
and relevant work experience as 
a Programmer Analyst, including 
using Lotus formula language 
and LotusScript, developing 
web-based applications using 
Domino, and using Javascript 
XML, HTML, DHTML and Oracle 
7.1 of higher 


Resume and/or cover letter must 
reflect each requirement above 
and specify reference code SBC 
or it will be rejected. 


Forward resume to Carol 
Antonacci, Manager, E-Business 
at Carrier Corporation, Carrier 
Transicold Division, 1 Carrier 
Pkwy, Bidg. TR20, Syracuse, NY 
13221 


Programmer/Analyst - Electrolux 
Home Products, a multi-national 
manufacturing corporation, seeks 
a qualified Programmer/Analyst 
n its Springfield, TN office to be 
responsible for data conversions, 
system implementation and sys: 
tem development and support in 
JDEdwards environment. Reqmts: 
Bachelor's degree iri Computer 
Science, Engineering, Math or 
Technology w/ 2 years of experi 
ence in the job offered or as 
Programmer Analyst, System 
Analyst or System Consultant 
Candidate must have JD Edwards 
programming, AS400 and Visual 
Basic experience and extensive 
manufacturing, programming and 
analysis background. Employer 
deems 3 years towards under 
graduate study and 1 year of 
professional experience in com 
puter field as meeting degree 
requirement. We offer competitive 
salaries & benefits. Please mail 
email or fax resume to Donna 
F. Edwards, P.O. Box 35920 
Cleveland, OH 44135-0920. Fax 
(216) 898-2340. Email: donna 


edwards @ electrolux.cor 


SOFTWARE ENGINEER 


Software engineer to design 
Jevelop and test computer pro: 
grams for business applications 
analyze software requirements 
to determine feasibility of design 
jirect software system testing 
procedures using expertise in 
JD Edwards One World, Oracle 
RPG/400 & MQ Series. Require 
ments: Bachelor's Degree in 
Computer Science or related 
field and two years experience 
as a software engineer or com 
puter programmer, knowledge 
JD Edwards One World, Oracle. 
RPG/400 & MQ Series. Salary 
$66,000/year. Working Conditions: 
8:00 A.M. to 5:00 P. 0 hours 
week, ir S extensive travel 
and frequent relocation. Apply 
Manager, Beaver County T 
PA CareerLink, 210: 

Beaver Falls, PA 

Job No. WEB2355: 


Programmer/Analyst 

MSU Software Consultants LL¢ 
seeks Programmer/Analyst ir 
our Cedar Rapids, |A loc Ss 
involves software analysis, design 
+ updates incl: spec dev't, coding 
modules, enhance existing fun 
tionality, debug, testing, imple 
mentation, design web graphics. 
writing scripts, + creation of control 
screens for admin of website 
Using Oracle, JAVA, JSP. JAVA 
Script, Windows, UNIX, OO, C 
Deveinper 2000, PL/SQL, HTML 
and MS Access. Qualified should 
have Bach. Sci. degree 2 yrs 
relevant exp. Applicants send 
resume to: MSU Software C 
sultants, Attn: Mark Dolter, 600 
1st Ave, NW, Cedar Rapids, IA 
92405 


April 8, 2002 


Project Manager. Manage inter- 
disciplinary teams to design 
develop, test & implement e 
business systems solutions for 
Clients using Internet technologies 
& object-oriented methodologies. 
Oversee all phases of system 
implementation including project 
planning, project management 
fi/gap analysis, training, testing, 
development & conversion 
Tools: Oracle, UNIX, PeopleSoft 
PeopleTools. Master's in Comp 
Sci.* + 2 yrs. exp. in job offered 
req'd. (“Will accept Master's de 
gree in any field + 2 yrs. exp. in 
systems development in lieu of 
Comp. Sci. degree.) Various & 
unanticipated locations through: 
out the U.S. 40 hrs/wk, 8am 
5pm, $116,000/yr. Applicants 
must show proof of legal authority 
to work in the US. Send 2 
copies of resume & cover letter 
to Colorado Dept. of Labor & 
Employment, Employment 
Programs, ATTN: Jim Shimada 
Two Park Centrai, Suite 400 
1515 Arapahoe Street, Denver. 
CO 80202-2117. Job Order 
C05015159. Empioyer Paid Ad 
Appiication is by resume only. 


Programmer Analyst. develop 
scalable dbase driven web apps 
using state of the art technologies 
to develop vertically or horizontally 
integrated e-Business solutions 
and web site apps. Reqs. Masters 
Degree in info sys, comp sci or 
closely related field + 2 yrs exp 
or Bachelors Degree in same + 
5 yrs progressively responsible 
exp. Must have demonstrated 
object analysis & design skills. 
data modeling expertise incl 
knowl or ERwin & exp creating 
multithreaded VisualBasic com 
ponents. Must have exp using 
Microsoft Transaction Server & 
Terminal Server. 40 hrs/wk 9. 
5:30. Salary commensurate w 
exp. Send resume to: Barbara 
Dunn, Vice President & Treasurer 
Comprehensive Marketing, Inc 
850 Bear Tavern Road, Suite 
101, Ewing, NJ 08628 


SYSTEMS ANALYST to analyze. 
design and develop computer 
systems to structure and access 
financial expenditure databases 
using COBOL, COBOL II, JCL 
CICS, VSAM, DB2, XPEDITER 
EASY-TRIEVE, FILEAID, ABEN 
DAID, TSO, PANVALET, LIBRAR: 
IAN, COMPAREX, RPG, MS 
ACCESS AND VISUAL BAS 
Perform duties under close 
Supervision of project manager 
to ensure accuracy and that 
project progresses according to 
prescribed instructions and ex 
pected results are met. Require 
B.S. degree in Computer Science. 
Business Administration, Eco. 
nomics, or a closely related field 
with one year of experience in 
the job offered. Competitive 
salary offered. Send resume to: 
Eugene Benjamin, Office of HR 
SC Dept. of Juvenile Justice 
P.O. Box 21069, Columbia, SC 
29221-1069; Attn: Job EC 


Position opening for IT profes 
sionals with industry exp. (various 
Skills combination reqd.) in Siebel, 
Smartscript, ODBC, Siebel VB. 
Oracle 7.x, Designer 2000 
COM+, VC++, ATL, Visual 
Interdev, MTS, XML, Unix, SDK 
Corba, CTI, IVR Integration, etc 
MS or equiv. Engg., (any), CS. 
Math., or rel. field reqd. Some 
positions require or equiv. ir 
any of the above offer com 
petitive pay & benefits. Foreign 
uC. equiv or combination 
of educ/exp. accepted. Travel 
relocation reqd. Resumes only to 
HR, American Cyber Systems. 
Inc., 100 Crescent Center Pkwy 
Suite 209, Tucker, GA 30084 


ee Ore 


Experienced Programmer/Ana- 
lysts for Inter/Intranet e-commerce 
applications using Java, Jdevel- 
oper, Oracle 8i, JSP, UML 
Servelets, JavaScript, Delphi 
Oracle IAS server, Developer & 
Designer 2000, Sun Solaris and 
Windows NT/2000 Requires 
atleast 4 yrs of experience in 
above skills with a minimum of 
one year in Healthcare Systems. 
Must Have a Bachelor's degree 
in Computer Science or 
Engineering .Send resume to 
Computer Assoc. of USA, Inc 
7157 E. M78, East Lansing, MI 
48823) 


Concio Corp. HO in Santa Clara. 
CA seeking: SW Enggs, Program 
Anal. Tech Supp. Special. MS: 
BS or equiv. and/or rel wk exp. 
Must be willing to travel & rel. as 
reqd. Mail res, ref & salary req 
Concio Corp, Sheela Kotak 
3130 Coronado Dr Santa 


Clara, CA 95054 


HNC Software is currently 
recruiting for the following position 


Software Consultant/Sr Software 
Consultant: Development role w 
primary focus on implementation 
tasks; architect & implement 
specific product rule projects. 
troubleshoot application, database 
& network connectivity problems: 
work w/ relational databases 
programming, & object oriented 
analysis. Jobsite: Texas. Reqs. 
B.S.Eng., CS or related 


To apply, please send your 
resume to mp@hnc.com, fax 
858-799-2800 or mail: 5935 
Cornerstone Ct West, San 
Diego, CA 92121 
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NEWS 


ellular Carriers, DO 
Debate Spectrum Needs 


Neither side gives ground at government 


BY BOB BREWIN 
WASHINGTON 
HE U.S. PENTAGON 
would consider 
sharing its portion 
of the radio-fre- 
quency spectrum 
with commercial wireless oper- 
ators — if those companies as- 
sume liability for any problems 
that result, including the possi- 
bility of a test missile going 
astray and hitting a populated 
area because of interference. 

That’s one scenario outlined 
last week by John Stenbit, assis- 
tant secretary of Defense for 
command, control, communica- 
tions and intelligence, at a Spec- 
trum Summit sponsored by the 
Department of Commerce. 

A Commerce Department 
agency, the National Telecom- 
munications and Information 
Administration (NTIA), man- 


Correction 


Astory in the April 1 issue (“Law- 
suits Highlight PayPal's Growing 
Pains”) incorrectly stated that 
Palo Alto, Calif.-based online 
payment processor PayPal Inc. 
doesn’t have a telephone sup- 
port line for free account holders 
and mischaracterized a class-ac- 
tion lawsuit against the compa- 
ny. PayPal offers a toll phone line 
for those customers, but the suit 
charges that the number is hard 
to find and subjects users to long 
waits and frequent hang-ups. 
The story also misstated Pay- 
Pal’s payment processing vol- 
ume, which totals about $10 mil- 
lion per day. 





| but 


| that 


ages portions of the radio-fre- 
quency band licensed to feder- 
al users, including the Depart- 
ment of Defense (DOD). 
Stenbit’s extreme example 
shows the sorts of difficult 
choices commercial, federal 
and public safety users face as 
they vie for a piece of invisible, 
increasingly valuable, 
spectrum real estate. 

In a keynote speech, Secre- 
tary of Commerce Donald 
Evans warned, “Today, more 
than ever, we are conscious of 
the importance of spectrum- 
related technology [for] our 


Continued from page 1 


IBM License 


and software configuration,” 


said Lillian Cooper, president 


| of Share Inc., a large-systems 


user group in Chicago. “Com- 
panies will have to evaluate 


| whether the software savings 
| opportunity, in the face of ris- 


ing software costs, is worth the 
extra effort,” she added. 

IBM didn’t respond to re- 
peated requests for comment. 

According to Cooper, more- 
over, IBM’s decision to delay a 
license management and com- 
pliance technology called IBM 
License Manager — which was 
supposed to have become 
available last fall — was due to 
user requests for changes in 
technology. But the 
interim manual reporting im- 
plementation makes WLC 
harder to manage, Cooper said. 

IBM introduced its variable 


national defense and home- 
land security.” 

Evans and Federal Commu- 
nications Commission Chair- 
man Michael Powell both said 
they view the summit as a first 
| step in resolving contentious 
| spectrum But, aside 
from agreeing that the FCC, 
NTIA and Congress have cre- 


issues. 


regulations and oversight that 
impede progress, top-level 
participants from industry and 
| government at a panel discus- 
| sion agreed on little else. 

For example, the cellular 
telephone industry, which has 
130 million subscribers, needs 
additional spectrum to support 
| both voice operations and 
| high-speed data services, ac- 





| WLC in October 2000 along 
| with its 64-bit zSeries main- 
| frames. WLC basically allows 
users to pay mainframe 
| software based on the expect- 
| ed average size of their work- 
| loads and not on the overall ca- 
pacity of their systems. 


for 


| Keen Understanding Required 

| If implemented correctly, 
| the model can yield “very sub- 
| stantial” cost savings over tra- 
| ditional capacity models, said 
| Dan Kaberon, parallel sysplex 
| manager at Hewitt Associates 
| LLC in Lincolnshire, Ill. 

| “But one has to have a clear 


| understanding of the peaks 


and valleys of workload de- 
| mand,” he noted. Hewitt has 
purchased several of IBM’s 
| zSeries mainframes and has 
| switched all of its software to 
| the new model, but Kaberon 
declined to specify how much 
Hewitt has saved. 

Doing proper software ca- 


| 
| 
| 
| 
| 





ated a bureaucratic morass of 





pacity planning is crucial to | 


| cording to John Stanton, chair- 


man of Bellevue, Wash.-based 
VoiceStream Wireless Corp. 

Cellular carriers have eyed 
portions of the spectrum used 
by the DOD for years and have 
lobbied either to share it or ac- 
quire portions of the band- 
width in an outright auction. 

An auction of the DOD spec- 
trum would require Defense 
officials to move complex sys- 
tems to new frequencies, 
which in turn would require 
new wireless communications 
systems costing hundreds of 
millions of dollars. 

The cellular industry has 
proposed an auction process 
that would include money to 


| cover the DOD's expenses, but 


Stenbit said that approach was 


taking advantage of WLC, said 
David Ochroch, an analyst at 
Reiner Associates Inc., a San 
Francisco-based contract man- 
agement consulting firm. 
Under WLC, users can de- 
fine the system capacity they 
need for a particular workload 


| and pay software fees only for 
that defined capacity. The ap- 
| proach is far more equitable 


than previous capacity models, 
in which users paid for soft- 
ware based on the overall size 
of the system. The larger the 
box, the higher the software 
cost, irrespective of actual use, 
Ochroch said. 

However, if the average 
workload — measured over a 
four-hour period under WLC 
— exceeds the licensed capaci- 


| ty, the result can be perfor- 


mance degradations and addi- 
tional software bills, warned 
Pat Ciacala, president of 
Ciacala & Associates LLC, a 
Hoboken, NJ.-based contract 
management consultancy. 


United 
| utility industry telecommuni- 
cations trade group. 


| rector 


| services 


| software 
| Cooper said. Users must use 
| that information to plan image 
| capacities and software de- 
| ployment on those images and 


an “untenable risk.” The FCC 


| has delayed any such auction 
| until at least 2004. 


Commercial carriers aren’t 


| the only ones seeking spec- 


trum space. Electric, gas and 


water utilities use their slice of 
| the spectrum band to monitor 


and control wide-ranging pow- 
er networks, gas pipelines and 


| water systems. They also use 
| specific frequencies to dis- 
| patch repair crews — and they 


need more spectrum, accord- 


| ing to William Moroney, chair- 


man of the Washington-based 


Telecom Council, a 


Powell said the FCC needs to 
make “greater use of market 
mechanisms” to allocate the 
spectrum. 

However, Michael Duffy, di- 
of telecommunication 
at the U.S. Depart- 
ment of Justice, said price tags 


} can’t be pinned on spectrum 


frequencies because they “sup- 
port things society demands, 


| such as public safety.” D 


Also, not all users are likely 


| to benefit from WLC as it cur- 
| rently exists, said Al Sherkow, 
| president of I/S Management 
| Strategies Ltd. in Whitefish 


Bay, Wis. For instance, there 


are many cases where the sum 


of the defined capacities li- 


| censed by a company could ex- 


ceed the capacity of a system. 
Similarly, a usage-based li- 


| censing option available on sev- 


eral crucial pieces of IBM soft- 


| ware, such as DB2, IMS, CICS 


and MQSeries, isn’t available 


| under WLC, analysts said. 


To take advantage of the fi- 


| nancial incentives offered by 


WLC, users need to under- 


| stand which software is active 
| in each system image and the 
| capacities required to run the 


on these images, 


then implement the plan, she 
explained. D 
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FRANK HAYES/FRANKLY SPEAKING 


Fair Is Fair 


ERE’S WHY MICROSOFT IS A LAUGHINGSTOCK 
when it comes to security: Last week, security re- 
searcher Georgi Guninski announced that he had 
found two more holes in Microsoft’s Office XP. Gun- 
inski actually found the holes in mid-March and noti- 
fied Microsoft on March 17. After two weeks passed without Micro- 
soft issuing a patch or work-around, Guninski went public. 
Microsoft’s response? A belated work-around for one of the secu- 
rity holes and a complaint that Guninski had gone public “before 


we've had a fair chance to investigate.” 

Fair? Fair?!? Wait, it gets better: Microsoft's 
official statement went on to say that Guninski’s 
report “may put our customers at risk. ... Re- 
sponsible security researchers work with the 
vendor of a suspected vulnerability issue to en- 
sure that countermeasures are developed before 
the issue is made public and customers are 
needlessly put at risk.” 

That’s pathetic. It’s laughable. Those security 
holes are in Office XP because that’s how Micro- 
soft shipped the product. The company has been 
shipping products for years that are badly de- 
signed and poorly tested from a security stand- 
point. And Microsoft refuses to stop shipping 
products it knows are faulty. 

Microsoft is also a notorious foot-dragger 
when it comes to admitting security vulnerabil- 
ities and issuing patches and work-arounds. 
And when the company does issue a security 
patch, far too often the patch ends up breaking 
something else -- or worse, it opens a new 
security hole. 

That’s what's neither fair nor responsible. 
That’s what puts Microsoft’s customers need- 
lessly at risk. Nobody else created this situation. 
Microsoft made this mess. And all the finger- 
pointing is just cheating Microsoft’s 
customers. 

Let’s cut to the chase here: So far, 
Microsoft’s big security initiative — 
called “Trustworthy Computing” — 
has been a joke. It’s produced noth- 
ing but hot air and hand-waving. And 
that’s all we'll get unless somebody 
in Redmond throws some real mon- 
ey and real clout at making Micro- 
soft products more secure. 

How? Microsoft could start by 
creating SWAT teams that treat a 
security hole as a crisis that poses 
an immediate threat to customers, 





FRANK HAYES, Computer: 
world's senior news colum- 
nist, has covered IT for more 
than 20 years. Contact him at 
trank_hayes@computerworld.com. 


not just an annoying public relations embarrass- 
ment. Teams that can produce work-arounds to 
a security hole in hours or days, not weeks or 
months. Teams that get the resources they need 
to define fixes properly and test patches thor- 
oughly — and quickly. 

Then Microsoft could begin finding security 
holes on its own, instead of waiting for those 
horribly “unfair” outside security researchers to 
do it. That means creating a new class of soft- 
ware testers at Microsoft — testers whose goal 
is to break Microsoft products in any way possi- 
ble, to find all the design flaws and coding er- 
rors that make the software vulnerable, whether 
they were in the specification or not. 

Those code-busters will be pariahs among 
programmers and product managers. They'll 
have to think — and act — like Microsoft’s 
worst enemies, attacking products from every 
possible angle and with every possible tool. 
And they’ll have to keep attacking, even after 
products ship. Especially after products ship. 

But their efforts to uncover holes and find 
problems will be useless unless those problems 
are fixed. Which means Microsoft would have 
to give them a boss who has enough clout to 
stand up to anyone in the company — any prod- 

uct manager, any executive, any 
Chief Software Architect — and tell 
him a product has holes and must 
be fixed now, and damn the niceties 
and the shipping schedule. 

Would SWAT teams and code- 
busters and a Chief Fix-It-Dammit! 


Officer solve all of Microsoft's secu- | 


rity problems? Probably not. But 
with a real investment in security, 
Microsoft could do a lot less whin- 
ing about “unfairness.” 

And a lot fewer people would 
think Microsoft’s commitment to 
security is a joke. D 


s 





“THE SEARCH function on one 
of my Lotus Notes databases 
isn't working,” user messages 
help desk pilot fish. We have 
many Lotus Notes databases, 
fish replies - which one isn’t 
working? User fires back, “When 
you open Lotus Notes, it will be 
the database on the left.” 


BANKING application keeps 
losing one field in a report. Pilot 
fish spends a week trying to !o- 
cate the problem and finally finds 
it: “There's a bad 2 bit on the 
backplane of the processor,” he 
tells the bank’s president. Furi 
ous president calls computer 
vendor's CEO to howl that it took 
a week to fix this problem due to 
“a lousy 25-cent part.” 


MAINFRAME channel con- 
troller's indicator lights keep 
blinking red - for error. At 5 a.m., 
after 10 hours of fruitless trouble- 
shooting, computer engineer 
finally strolls into the command 
center and tells IT pilot fish he’s 
fixed all the red-light errors. 
How'd you do it? fish asks. Says 
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engineer, “I just changed them 
all to white lights.” 


WHY IS the wrong day's backup 
tape in the server? boss asks. IT 
pilot fish points out that the 
backup system hasn't worked in 
two years, so why waste time 
changing tapes every day for a 
broken backup sysiem? Wrong, 
says boss: “Just because it 
doesn't work, doesn't mean we 
don't put the tapes in there.” 


NEW IT security rules at this 
school are tight, pilot fish re- 
ports. Access to attendance ap- 
plication is via VPN and requires 
a synchronous key generator, 
three user names and three 
passwords. But one teacher 
finds a way around the password 
hassles: “Now | just turn my 
monitor off when | go home.” 


Have your say: sharky@ 
computerworld.com. You get 
a sharp Shark shirt if your true 
tale of IT life sees print - or if it 
shows up in the daily feed at 
computerworld.com/sharky. 
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You're an IT professional, not an Internet traffic controller. 


Sick of saying “no” to co-workers’ online access requests? Let Websense Enterprise Web filtering software handle your Internet 
traffic control duties. Our customizable features save time and headaches. Whether you need to serve 50 or 50,000 users, 
manage Internet access by individual or group, or enable surfing at lunch or after hours, Websense gives you options. 

All in an easy-to-install and implement solution. Get the Web filtering software tested and trusted by more than half the 


Fortune 500. And put away that orange vest for good. 


. WZJEBSENSE. 
Stop by www.websense.com today for your free, fully functional 30-day trial. EMPLOYEE INTERNET MANAGEMENT 
NASDAQ: WBSN 


WEBSENSE INTEGRATES WITH LEADING INFRASTRUCTURE SOLUTIONS SUCH AS: ee 
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Oracle9: JDeveloper 


*995 


“Oracle9i JDeveloper is one of the “Oracle’s goal is nothing less than 
most responsive, complete and providing the Java developer with 
best integrated Java development a single soup-to-nuts environment 
environments that we've seen.” for everything from UML 


2 modeling to J2EE deployment.” 
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deveLopment 


“For the full development, debug- 

ging, tuning, and development i 
of...Java-based applications for "JDeveloper is a clear winner. 
complex corporate applications, 


> XML 
I’ve not seen better. & WEB SERVICES 
JAVAPro 


If you want the best Java integrated development environment, 
you have to be willing to spend less. 
(Or download for free, but don’t tell anybody.) 


ORACLE 


oracle.com/ad/jdev995 
or call 1.800.633.1072 








